Following the large Gmail outage earlier this week, Google has launched a status page for their most important hosted services called Google Apps Status Dashboard.
Entries for February, 2009
Eurojost, the European Union’s Judicial Cooperaion Unit, has just issued a press release that was meant to clarify reports about the EU looking into methods to intercept Skype calls. Instead, it has only increased speculation about alleged backdoors built into the Skype software:
Today marks the first time somebody sent me a link to a “simple” Wikipedia article. Up until now this was completely unknown territory for me, so I couldn’t resist the urge to browse through it. It’s currently quite small compared to the normal English version of Wikipedia; there are 55000 articles and 129000 “pages”.
Next week, the first real public review of the contenders for the SHA-3 algorithm will take place in Belgium at Leuven University. The competition is run by the National Institute of Standards and Technology (NIST); the winner of the competition will likely become the default hash algorithm for US agencies by 2012, replacing the current [...]
The popular leaks website wikileaks.org has become the victim of it’s own success: last week, private information about Wikileaks was posted on wikileaks.org!
A zero-day exploit for Adobe Reader has been making the rounds since yesterday. From Adobe’s advisory: A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are [...]
The new attack against websites using SSL encryption presented at Black Hat this week shows some interesting possibilities. To recap, this is the most important part of what SSLstrip does: SSLstrip manages to fool the user into believing he has an encrypted connection with the intended website through several clever slights on hand. First, [...]
According to this FAQ, Twitter is getting ready to support OAuth sometime next month. This is great news; up until now, every service using Twitter’s API needed your login name and password. That meant problems when changing passwords, and extra ways for your password to be exposed to hackers. With the new OAuth authentication, external [...]
As noted last week, I find Microsoft’s severity ratings a bit confusing; but fortunately they also provide an exploitability index that tells us a bit more about how likely Microsoft thinks a particular vulnerability is to be exploited. So let’s have a look at how they rate this months updates:
Following the story about the SQL injection vulnerability on Kaspersky’s website, they have provided a rather detailed account of what happened on their blog. In it, they confirm that there was an issue, and that they don’t think any data was actually exposed using the vulnerability: