Security and the Net

News and opinions about security, the internet and more

Entries for the ‘Security’ Category

Twitter gets ready for OAuth authentication

According to this FAQ, Twitter is getting ready to support OAuth sometime next month. This is great news; up until now, every service using Twitter’s API needed your login name and password. That meant problems when changing passwords, and extra ways for your password to be exposed to hackers. With the new OAuth authentication, external [...]


Followup on Patch Tuesday post

As noted last week, I find Microsoft’s severity ratings a bit confusing; but fortunately they also provide an exploitability index that tells us a bit more about how likely Microsoft thinks a particular vulnerability is to be exploited. So let’s have a look at how they rate this month’s updates:


Updates about Kaspersky SQL injection

Following the story about the SQL injection vulnerability on Kaspersky’s website, they have provided a rather detailed account of what happened on their blog. In it, they confirm that there was an issue, and that they don’t think any data was actually exposed using the vulnerability:


Kaspersky database exposed

An unidentified hacker announced yesterday that he has managed to gain access to databases used by the usa.kaspersky.com website, allowing him to gain access to users’ accounts, activation codes and possibly personal data about Kaspersky customers.


Is this a new virus, or are virus scanners just slow to catch it?

After two different people sent me suspicious links via MSN, I decided to fire up a virtual machine and visit one of them. The link led to a file, which I uploaded to virustotal.com. The results? Only 11 of the 39 virus scanners tested recognized the file!


Patch Tuesday: does Microsoft need a new severity rating?

I’ve never quite liked Microsoft’s severity rating system for security vulnerabilities; today’s pre-announcement for this month’s Patch Tuesday provides a very good example of the problem I have with it. Microsoft provides four severity levels for security issues, and the different ratings appear to make sense at first sight:


Microsoft will fix Windows 7 UAC loophole after all

Last week, Long Zheng posted details about a security issue in Windows 7’s implementation of User Account Control. The UAC feature in Vista received so much criticism that Microsoft decided to add different security levels in Windows 7; the default setting now only warns you when a program tries to change Windows settings.


About IE8’s clickjacking protection

When the first release candidate for Internet Explorer 8 was released, the accompanying press release mentioned it had the ability to protect users from clickjacking attacks “out of the box”, and that this was possible “without impacting compatibility”. Microsoft has just provided some additional details that show how this protection works; for now, it looks [...]


Enhancing Blackberry security

While I don’t like to read press releases, let alone quote them, this one managed to catch my attention. It introduces a product called “Mobile PKI” for Blackberrys that promises to enhance the security of communications between Blackberry devices and your company’s servers:


Mac malware getting serious

There were two separate news items this week that together show MacOS X has finally become an attractive platform for malware makers. The first was reported by several news sites: pirated copies of iWork were found to contain malware. From the advisory: The installer for the Trojan horse is launched as soon as a user [...]
