It’s a departure from the stance that most people are taking these days when it comes to issues of social networking and security, but some industry players are pitching the idea [eweek.com] that the ever-more-popular communications applications could someday replace more traditional messaging platforms based on their ability to be more centrally protected from attacks.
A startup out of the University of Texas today released a new open protocol and related technology that addresses the inherent security risks to Web 2.0-type application mashups, according to a new report [darkreading.com].
One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security.
In an ironic twist, Kevin Mitnick, a social engineering master who went to jail for impersonating others to get information to access computer networks without authorization, couldn’t access his own Facebook account for weeks because administrators at the social networking site didn’t believe he was who he said he was.
In this Network World interview at SOURCE Boston, well-known hardware hacker Joe ‘Kingpin’ Grand talks about lessons from the “Prototype This” show, the changing face of security research and his upcoming vulnerability assessment work. The video also includes an interview with Dan Kaminsky about his DNS vulnerability.
In a statement on Monday, the BBC said that its decision to purchase and use a botnet to expose the malware epidemic had been “in the public interest”.
“It was not our intention to break the law,” the BBC told ZDNet UK on Monday. “There is a powerful public interest in demonstrating the ease with which such malware can be obtained and used; how it can be deployed on thousands of infected computers without the owners even knowing it is there; and its power to send spam e-mail or attack other websites undetected.”
Credit card giant Visa has taken Heartland Payment Systems and RBS WorldPay off its list of service providers that are compliant with the PCI Data Security Standard.
Over at the Zero Day blog [zdnet.com], I covered the saga of the one-year-old Windows token kidnapping vulnerability that remains unpatched and is now being exploited in malicious hacker attacks.
User names and passwords belonging to more than 8,000 Comcast Internet customers were left exposed on the Web for at least two months. A post by Brad Stone on the Bits blog [NYTimes.com] details the situation, which was exposed by a Comcast customer from Pennsylvania.