- Prosecuting DDoS attacks
- Zero day exploit for Adobe Reader, Flash now in the wild
- Adobe Flash upgrade closes 32 security holes
- Pirated copy of Dr. Who game includes malware
- Researchers release point and click exploitation tool
- Safari update plugs 48 holes
- Microsoft fixes pwn2own flaw
- Bug gives attackers complete control over Windows PCs
- Microsoft warns of flaw in help system in Windows XP, Server 2003
- Mass SQL injection attack affects sites running IIS
- Apple fixes history leak flaw in Safari that affects most browsers
- Mass hack puts malware on thousands of pages
- Zeus trojan spoofs IRS, Twitter, YouTube
- Hackers claim AT&T exposed iPad users’ emails
- More on AT&T leak
- FBI looking into AT&T Leaks
- Hiring hackers
- Google fixes 11 security issues with Chrome update
- Time to retire “info wants to be free”
Cory’s latest Guardian column makes a thoughtful suggestion with regard to putting to rest Stewart Brand’s famous aphorism from the advent of the information age. He unpacks the much more nuanced interests of those whom big content wants to make out as info-anarchists. He suggests focusing more on the freedom of the net or, more simply, people.
- Another attack on quantum cryptography
As the post at Slashdot explains, this one relies on the normal error rate with which quantum crypto systems have to deal. The researchers have shown they can recover some information without raising the error rate above the previously acceptable level. I wrote about an earlier attack on quantum key distribution towards the end of last year.
- More on those responsible for malware
Earlier Brian Krebs had an article exploring the shallow end of the pool of online crime, an individual phisher responsible for an alarming number of attack sites. Today he discusses a Russian businessman whose reputation he has looked into before. Now, a Russian politico has spurred a government inquiry into the allegedly nefarious online criminal organizing and activity of “Redeye”, Pavel Vrublevsky.
- Stop gap IE fix
- Finding, deconstructing a rootkit
From gnat’s Four Short Links
- New trick to view hidden content on Facebook
- Vulnerability in MS Virtual PC
- Another botnet completely offline
- Economics model may explain why users reject security advice
- Botnet protects itself with hardware based licensing
- Elcomsoft speeds up password cracker using latest ATI hardware
- Exploring robust hosting used for malware
- Facebook password reset scam
- Firefox patches critical vulnerability
- Memory cards in thousands of phones infected with malware
This ITworld piece details some of Scott Charney’s thoughts from the RSA conference. Scott is Microsoft Corporate Vice President for Trustworthy Computing.
He does a fair job of characterizing the issues, especially that non-secure PCs aren’t just a burden to their owners. If they become part of a botnet, then they burden the network which shares the pain even with connected but uninfected systems.
Where his thought process goes astray is in considering a healthcare-like model. You know, because that is working extraordinarily well right now and hasn’t added its own burden of arguments and complications.
I don’t necessarily disagree with the idea of using social systems, including education and advocacy. But we have those already in the form of projects like StopBadWare.org. He seems to be saying that ISPs should take on these additional roles and that cost is the only barrier. Cost, unfortunately, is the least part of the equation. Neither market-based solutions nor another of his ill-considered ideas, a new tax on computer users, is going to magically conjure up the expertise that either ISPs or other outfits need to pursue any number of viable schemes to reactively deal with malware.
Of course, here is another thought–how about Microsoft uses a bit of its hefty margin and/or cash in the bank to address the security issues that stem almost entirely from their own operating system?