Donald Sears

Mariposa Operators Did Not Use Cookie Stuffing

According to the researcher who helped take down
Mariposa, the operators who purchased the bot software from the
man known as “Iserdo” and then built Mariposa for some
reason didn’t opt for the cookie-stuffing feature, which he offered for
200 euros, even though it would have increased their potential profits. Read the full article. [Dark Reading]

Group to Publish ‘Month of Vulns’ Starting Sept. 1

Starting tomorrow, a little-known group of security researchers will
kick off a month of bug disclosures that target unpatched
vulnerabilities in software from Adobe, Microsoft, Mozilla, Apple and
others. Read the full article. [Computerworld]

Researchers Find Hole in Quantum Cryptography

The Norwegian University of Science and Technology (NTNU) and the
University of Erlangen-Nürnberg together with the Max Planck Institute
for the Science of Light in Erlangen have recently developed and tested a
technique exploiting imperfections in quantum cryptography systems to
implement an attack. Read the full article. [Science Daily]


Compromised Twitter accounts have been used to post links to an exploit
portal that poses as a download site for an update to TweetDeck, the
popular micro-blogging client software package. Read the full article. [The Register]

Organized cyber thieves stole more than $600,000 from the Catholic
Diocese of Des Moines, Iowa earlier this month with the help of
dozens of unwitting co-conspirators hired through work-at-home job
scams, at least one of whom was told the money was being distributed to
victims of the Catholic Church sex abuse scandals. Read the full article. [KrebsonSecurity]

The developers of the uTorrent file-sharing application have released an
updated version that fixes a problem that could allow an attacker to
load malicious code onto a user’s computer. Read the full article. [IDG News Service]

The new bill requires that the company include the type of personal
information exposed in the breach; the date or estimated date of the
breach; a general description of the incident itself; and toll-free
numbers and addresses for credit reporting agencies if the breach
included social security numbers, driver’s licenses, or California ID
cards. Read the full article. [Dark Reading]