Call it “Frankencookie”: a security researcher has released a tracking cookie that he claims is nearly impossible to remove. Dubbed “evercookie,” it is designed to raise awareness about the ease with which Web site operators can evade tools designed to shield visitors’ privacy.
A new report from security testing firm Veracode suggests that reused and third-party code is a big source of application insecurity.
Researchers at NC State University and IBM have built a prototype security tool that operates in stealth mode to determine the security of a hypervisor so as not to tip off attackers. Read the full article. [Dark Reading]
Apple has pushed out a Mac OS X security update to plug a security hole that allows access to shared folders without a valid password. Read the full article. [ZDNet]
UPDATE: Engineers at social network Twitter.com plugged a vulnerability in the company’s main Web page after attacks that exploited the hole may have hit more than 500,000 users.
Microsoft is warning customers that it has seen ongoing attacks against the recently disclosed padding oracle vulnerability in ASP.NET and is encouraging them to implement a workaround that will help protect against the publicly disclosed exploit for the bug.
By Alex Rothacker. Since 2008, higher education institutions have experienced a staggering 158 data breaches resulting in over 2.3 million reported records compromised. In 2009 alone there were 57 reported data breaches, and year to date through July of 2010, there have already been 32 breaches.
UPDATE: Within an hour of reports surfacing about a cross-site scripting bug on the Twitter home page, a worm exploiting the bug was released on the site. However, engineers at Twitter have repaired the bug and say that it no longer should be exploitable.
Canonical has released updated kernels for Ubuntu versions 10.04 LTS, 9.10, 9.04, 8.04 LTS and 6.06 LTS to close the recently discovered holes in the Linux kernel. The updates are also for the equivalent versions of Kubuntu, Edubuntu and Xubuntu and should be available through Ubuntu’s Software Update system. Read the full article. [The H Security]
Adobe has released a patch to fix a critical vulnerability in its ubiquitous Flash Player software that was disclosed last week. The company pushed up its release plans for the patch after reports emerged that the bug already was being exploited.