Security and the Net

News and opinions about security, the internet and more

Entries for December, 2008

SSL: A chain of trust is only as strong as the weakest link

A presentation at 25C3 today detailed how researchers were able to create their own Certificate Authority that is recognized by all current webbrowsers, allowing them to create valid certificates for any website they like. While it’s presented as an example of why using MD5 hashes is considered harmful, it also serves as a perfect example […]

Comments (1)

Prediction for 2009: more phishing and spam via online services

Graham Cluley warns people about a new wave of phishing attempts being sent via Google Calendar. These are legitimate mails, receiving via Google Calendar, from Google’s mailservers, looking just like a real invitation for a meeting or party. In fact, it is just that. A phisher creates a fake Gmail account, sets up a meeting […]

Leave a Comment

Finding a “hidden” IP address just got easier

As more people are becoming concerned about their online privacy, the use of tools to protect that privacy such as Tor and Privoxy isĀ getting more common. One of the main features that these offer are “hiding” your IP address; privoxy by offering the option to send all your traffic through a proxy server, and Tor […]

Comments (6)

It’s official: MS08-78 fixing critical IE bug

Microsoft just released MS08-78, a security bulletin describing the issue that has been affecting Internet Explorer users for almost a week (CVE-2008-4844). The bug is fixed for Internet Explorer 5.01, 6, 7 and the beta version of IE8. As Microsoft points out on their Internet Explorer homepage, the browser is now “safer than ever”. Don’t […]

Leave a Comment

All major browsers fixing bugs this week

This is a bad week for browser security; not only is Microsoft rushing out an emergency patch tonight, other browser makers are releasing their own updates as well as people worldwide go online to do their Christmas shopping. Opera released version 9.63 of their browser yesterday, fixing several security issues. The most critical ones allow […]

Leave a Comment

Fix for IE7 zero-day to be available tomorrow

Microsoft has just announced that a fix for the critical bug in Internet Explorer 5, 6 and 7 is to be published tomorrow. As usual, there will be webcasts detailing the fixes: Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at 1:00 PM Pacific Time (US & […]

Comments (1)

Twitter already generating revenue… For Dell!

And it’s not because Twitter is buying tons of Dell gear; Dell is using Twitter for advertising, and people are willingly signing up to receive these messages. Quoting InternetNews: Less altruistically, some businesses have discovered that Twitter is an effective way of communicating with consumers. Dell (NASDAQ: DELL) says Twitter has produced $1 million in […]

Leave a Comment

Who’s to blame when hackers empty your bank account?

That might sound like a stupid thing to ask. If your account is emptied, you surely did something wrong. You were careless with your password, didn’t update your virus scanner, clicked some links in a spam message that happened to install malware, et cetera. Right? So what happens when that’s not what happend? What if […]

Leave a Comment

More details about IE7 zero-day exploit

More details about the zero-day exploit for IE7 are starting to surface. The most shocking detail is that this is actually an older issue: eEye reports that this was first seen on 11/15. eEye says that no mitigation strategies currently exist; Symantec suggests that disabling Javascript will at the very least disable the currect attack […]

Comments (1)

Why did Google enter the mobile phone business again?

Here’s why. Google is now offering their Adsense clients advertising on the iPhone and G1 phones. Here’s the short version of what happened in the last two years: Google noticed a trend: more people were starting to access the internet from their mobile phones But there were no mobile phones that could display their ads […]

Comments (1)