A tool that has recently been utilized by terrorists is one that many feel needs to be eliminated. Among individuals who feel the need to shut down free and open Wi-Fi are the Mumbai police. The Times of India reported today that "several police teams, armed with laptops and Internet-enabled mobile phones, will randomly visit homes to detect unprotected networks."
Consumers fleeing from their homes in the wake of flooding waters may not think to grab external hard drives containing important data. The need falls then to have a consumer product which could withstand, at least for a period of time, exposure to extreme elements. That's the idea behind the new ioSafe Solo, which starts around $150.
A company called Lok8u (Locate You) has created a GPS Child Locator device called num8 (new mate) which attaches securely to a child's wrist. It contains an embedded GPS and cellular transeiver which broadcasts the child's location so long as it is on the child's wrist. If taken off, it immediately texts an emergency message to the programmed mobile phone showing the location via Google Maps.
Yesterday, the FBI announced it considers cyber attacks to be the third greatest threat to the security of the United States. The only two preceding it are nuclear war and weapons of mass destruction (WMD).
Netcraft provided more details on a critical digital certificate
vulnerability revealed last week. Although Microsoft downplayed the
problem by stating that the successful exploit was not published,
Netcraft found that 14% of SSL certificates use the vulnerable MD5
hashing algorithm. That number may provide a large enough target for
attackers to invest time into cracking MD5, while certificate
authorities will have a choice of using MD5 and hope that it will not
be cracked or transitioning to a stronger encryption technology such as
One of the cornerstones of Internet security may not be as solid as
generally believed: A team of researchers said they successfully
created a rogue certification authority (CA) to create digital
certificates that are accepted by all major web browser – and not just
those that are running on PCs. The discovery could prompt a new wave of
phishing attacks and the adoption of more secure cryptographic
standards on the Internet.
Today, Microsoft acknowledged that its business class SQL Server database software is vulnerable to the kinds of attacks which inject code into malformed requests. Affected versions include SQL Server 2000, 2005, as well as Windows Internal Database. Not affected are SQL Server 7.0 SP4, 2005 SP3 and 2008, which are immune to the flaw.
Yesterday, Microsoft made good on the quick patch promise they had made earlier in the day. It repairs a critical bug affecting Internet Explorer versions 5.01, 6, 7 and 8 Beta 2 which could allow remote code execution just by visiting an infected website.
Yesterday, Microsoft rolled out its largest number of patches issued at one time in five years. The patches affect software in every operating system since and including Windows 2000. In addition to the new patches, Microsoft also warned of a critical WordPad bug that has not yet been patched and leaves a gaping security hole so that a hacker could gain access and run remote software from email.
Just a few months ago, MySpace began unveiling details and information
about its Facebook Connect rival called MySpace Data Availability. At
that point in time it was not exactly clear what the product would
include. However, it was obvious that it would not be a proprietary
solution like Facebook Connect and it would rely on the Open Stack
concept utilizing OAuth, OpenID and OpenSocial instead. MySpace Data
Availability is now available MyspaceID and should help launching open
source products into the future.
Six British Internet Service Providers (ISPs) are reportedly filtering
user access to Wikipedia due to the site’s addition to the Internet
Watch Foundation, after accusations arose that the site was hosting
what was considered by some to be child pornography.
Koobface, a worm that surfaced on Facebook in July, is spreading again
and remains very active, according to a security alerts issued by
Websense and McAfee.
Microsoft is warning users about a new wave of malicious attacks that
aim to exploit a vulnerability that was outlined in the firm’s security
bulletin MS08-067. If you haven’t patched your PC yet, it is a good
idea to do so asap, the company advises.
McColo, a major hoster of spamming services may have been shut down two
weeks ago, but it was considered to be just a matter of time until the
spam volumes would increase again. According to Symantec’s MessageLabs,
the number of spam emails is already on the increase again – and almost
twice the volume of spam after the McColo shutdown.