Security and the Net

News and opinions about security, the internet and more

Entries for February, 2009

Google adds Apps Status Dashboard

Following the large Gmail outage earlier this week, Google has launched a status page for their most important hosted services called Google Apps Status Dashboard.

Did the EU just admit Skype calls can be intercepted?

Eurojust, the European Union’s Judicial Cooperation Unit, has just issued a press release that was meant to clarify reports about the EU looking into methods to intercept Skype calls. Instead, it has only increased speculation about alleged backdoors built into the Skype software:

Simple Wikipedia

Today marks the first time somebody sent me a link to a “simple” Wikipedia article. Up until now this was completely unknown territory for me, so I couldn’t resist the urge to browse through it. It’s currently quite small compared to the normal English version of Wikipedia; there are 55000 articles and 129000 “pages”.

First conference in SHA-3 competition starts next week

Next week, the first real public review of the contenders for the SHA-3 algorithm will take place in Belgium at Leuven University. The competition is run by the National Institute of Standards and Technology (NIST); the winner of the competition will likely become the default hash algorithm for US agencies by 2012, replacing the current [...]

Wikileaks leaks identities of 58 donors

The popular leaks website wikileaks.org has become the victim of its own success: last week, private information about Wikileaks was posted on wikileaks.org!

Zero-day exploit for Adobe Reader

A zero-day exploit for Adobe Reader has been making the rounds since yesterday. From Adobe’s advisory: A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are [...]

Attacks against SSL show interesting possibilities

The new attack against websites using SSL encryption presented at Black Hat this week shows some interesting possibilities. To recap, this is the most important part of what SSLstrip does: SSLstrip manages to fool the user into believing he has an encrypted connection with the intended website through several clever sleights of hand. First, [...]

Twitter gets ready for OAuth authentication

According to this FAQ, Twitter is getting ready to support OAuth sometime next month. This is great news; up until now, every service using Twitter’s API needed your login name and password. That meant problems when changing passwords, and extra ways for your password to be exposed to hackers. With the new OAuth authentication, external [...]

Followup on Patch Tuesday post

As noted last week, I find Microsoft’s severity ratings a bit confusing; but fortunately they also provide an exploitability index that tells us a bit more about how likely Microsoft thinks a particular vulnerability is to be exploited. So let’s have a look at how they rate this month’s updates:

Updates about Kaspersky SQL injection

Following the story about the SQL injection vulnerability on Kaspersky’s website, they have provided a rather detailed account of what happened on their blog. In it, they confirm that there was an issue, and that they don’t think any data was actually exposed using the vulnerability:
