Microsoft has issued a security advisory for a recently disclosed vulnerability in the ASP.NET that could leave millions of Web pages vulnerable to attack.
Threatpost editors Dennis Fisher and Paul Roberts talk about the revelation that Stuxnet included four previously unknown flaws, the padding oracle attack on ASP.NET Web apps and the return of unofficial patches for zero
[img_assist|nid=6722|title=|desc=|link=none|align=right|width=96|height=96]Saying that you want to take on the world’s biggest social network is the kind of thing that puts a big target on your back. At least that’s what the ambitious young crew behind Diaspora, an open source alternative to Facebook, found out this week.
In this video, researchers Juliano Rizzo and Thai Duong demonstrate the technique they developed for stealing cryptographic keys for ASP.NET Web applications, enabling them to compromise virtually any app built on ASP.NET.
[img_assist|nid=6720|title=|desc=|link=none|align=left|width=100|height=100]Fifty-three individuals were charged today in connection with
widespread, sophisticated identity theft and fraud, including 43
individuals charged with participating in one large-scale criminal
enterprise, United States Attorney Paul J. Fishman and FBI Special Agent
in Charge Michael B. Ward announced. Read the full statement. [FBI Newark]
[img_assist|nid=6717|title=|desc=|link=none|align=right|width=100|height=100]One day after it released updates for its Firefox web browser, the Mozilla Project has issued versions 3.1.4 and 3.0.8 of Thunderbird, the latest stable and legacy branch updates of its popular open source email client. According to the developers, the latest maintenance updates improve the applications overall stability and address several user experience concerns found in the previous stable branch release. Read the full article. [The H Security]
[img_assist|nid=6719|title=|desc=|link=none|align=left|width=100|height=100]Intel has confirmed Blu-ray HDCP encryption is cracked after
admitting a leaked master key is the real deal. High-bandwidth Digital Content Protection (HDCP) copy protection
technology is designed to protect high-definition video content as it
travels across digital interfaces. Read the full artcicle. [The Register]
[img_assist|nid=6279|title=|desc=|link=none|align=right|width=100|height=100]Web insecurity was in the news this week, with a major flaw in the security of ASP.NET and some sobering statistics on Web site infections. When your bank account gets hacked – is it your fault? And, with a patch out for one of four (!) zero day exploits used by Stuxnet, security experts wonder if its the most sophisticated malware…ever!?
From animated logos to Web videos for hip, independent bands, HTML5 is getting buzz and gaining traction. But concerns about the security of features in the new version of the Web’s lingua franca persist.
[img_assist|nid=6697|title=|desc=|link=none|align=right|width=90|height=90]Adobe is cautioning its users about installing an unofficial patch for the Reader CoolType.dll bug that was released on Wednesday, saying that although the patch appears to prevent the crash in Reader, installing it could have some unintended consequences.