Cryptography

Minutes after Apple issued a security update Wednesday, the maker of a
10-day-old jailbreak exploit released code that others could put to use
hijacking iPhones, iPod Touches and iPads. Read the full article. [Computerworld]

So, according to a little birdie tweeting in the night, the 2010 Verizon Data Breach Investigations Report (DBIR) contains another encryption challenge that leads to actual cash prizes. 

A bug in Facebook’s login system allows attackers to match unknown email
addresses with users’ first and last names, even when they’ve
configured their accounts to make that information private. Read the full article. [The Register]

More details have emerged of how security researchers tracked down a
Zeus-based botnet that raided more than $1m from 3,000 compromised UK
online banking accounts. Read the full article. [The Register]

Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Read the full article. [The H Security]

Significant weaknesses in the common
configuration of Kerberos-based authentication servers could allow
attackers to more easily circumvent security measures in networks that
rely on the open authentication standard, according to research
presented at Black Hat. Read the full article. [Dark Reading]

The U.S. Computer Emergency Readiness Team has issued two warnings on flaws in the embedded systems’ OS technology VxWorks as discovered by researcher HD Moore. One flaw deals with weakness in the hashing algorithm of the API authentication; The second regards debug settings being enabled by default and affects nearly 60 vendors’ products. Read the algorithm warning here. Read the debug warning here. [US CERT]