Cryptography

The non-profit Open Web Application Security Project (OWASP) has released its latest list of top 10 web application security risks. Read the release statment. [OWASP.org]

US brokerage D.A. Davidson has agreed to pay $375,000 to settle charges
that lax security practices allowed criminal hackers from Latvia to
pilfer the confidential information of some 192,000 of its customers. Read the full article. [The Register]

European researchers are proposing a paradigm-shifting solution to
trusted computing that offers better security and authentication with
none of the drawbacks that exist in the current state of the art. Read the full article. [Science Daily]

Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new computer operating system based on virtual machines and the concept of isolation.

The Black Hat security conference will kick off next week in Barcelona, with training sessions and briefings from some of the most talented security researchers in the industry. Facebook’s chief security officer, Max Kelly, is scheduled for a keynote presentation on Wednesday morning following two days of training sessions. Read the full article. [Computerworld]

Customers of Countrywide Financial have filed a
class-action lawsuit over the 2008 data breach that enabled company
insiders to steal and sell their personal information. Read the full article. [Dark Reading]