Anne Saita

Twitter Resolves SMS Bug (For Some Users)

UPDATE: A day after an independent security researcher disclosed a vulnerability in SMS-enabled Twitter accounts, the social network giant announced it’s fixed the flaw – at least for some users. Those who use a “long code” and/or cannot use a PIN code remain at risk.

Bug Hunter Finds ‘Blended Threat’ Targeting Yahoo Web Site

A Romanian bug hunter has discovered a “blended threat” targeting Yahoo’s Developer Network Web site that allows unauthorized access to Yahoo users’ emails and private profile data. At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer.yahoo.com. Yahoo Query Language is the company’s proprietary programming language and is used to test queries against Yahoo databases. Authenticated users also can access tables with their own Yahoo account data, such as e-mails and profile data, to mount queries.


The University of Arkansas for Medical Sciences is letting some 1,500 patients know their information was kept without permission by a resident physician after she was terminated. The health care facility plans to mail impacted patients who had surgery or were seen by a neurosurgeon from January to June 2010. Some patient data included name, address, date of birth, medical record number and date of service. Others also included more sensitive information such as diagnoses, medications, surgical and other procedure names, and lab results.

A 27-year-old New York man known online as “Weev” was convicted Tuesday of “impersonating” an iPad in order to gain access to AT&T’s servers and swiping 114,000 email addresses, including some belonging to celebrities.

Andrew Auernheimer faces up to 10 years in prison after being found guilty of conspiracy to access a protected computer without authorization and fraud in connection with personal information.

An untold number of Twitter users Thursday received suspicious emails alerting them their passwords had been reset following a loosely defined, third-party hack.

The emails are apparently legitimate, though they were sent to more than just the victims of compromised accounts.

The Messaging, Malware and Mobile Anti-Abuse Working Group on Tuesday recommended businesses replace 512- and 768-bit verification keys with 1024-bit or higher encryption to counter a current vulnerability that allows the shorter keys to be cracked within 72 hours using cheap cloud-based services.