Rutkowska’s Qubes OS to Implement Disposable VMs

Joanna Rutkowska’s Qubes OS project will include a feature to create one-time use-and-discard virtual machines.The idea behind Disposable VMs is to have very lightweight virtual machines that can be created and booted quickly with a sole purpose of hosting only one application.  “Then, once you’re done, you just throw it away,” Rutkowska explained.

Anatomy of the Eleonore Exploit Kit

LIMASSOL, CYPRUS–When an unknown attacker compromised three domains belonging to the U.S. Bureau of Engraving and Printing last month, it became big news, mainly for the brazenness of the attack against a federal Web site. The bigger news, however, turned out to be that the attack involved the use of the Eleonore exploit kit, a sophisticated and well-developed toolkit for attackers.


Online criminals are scanning the Internet and attacking Windows 2000
machines that haven’t had a recent Windows Media Service patch
installed, but the damage is limited, said researchers. Read the full article. [IDG News Service]

Guest editorial by Steve ManzuikYesterday while some of us in the USA were enjoying a day off Google made the news with this article in the Financial Times stating that they are moving away from Microsoft Windows due to security concerns.  My first reaction was to question why a company with as many smart brains as Google would make such a misguided decision.  That was, of course, before I actually read the entire article.

Originally expected for today, Mozilla has confirmed that it is delaying the the release of
version 3.6.4 of its open source Firefox web browser, the next security
and stability update to the 3.6.x branch of Firefox. Instead, Mozilla
has announced the availability of a release candidate for public
testing. Read the full article. [The H Security]

Microsoft has released an open-source Web Protection Library (WPL) to help developers protect web sites from cross-site scripting attacks.

The WPL, which is a set of .NET assemblies, is being offered as part of a defense in depth strategy to add an extra layer to any validation or secure coding practices.

Any penance Google could ultimately pay for violating privacy sentiments
across the planet has become a bit more unpredictable. Canada became the latest nation to launch a formal investigation into Google’s practice of harvesting personal Wi-Fi
data from open wireless networks all across the planet. Read the full article. [The Last Watchdog]

Botnets increasingly are creating phony
online accounts on legitimate websites and online communities in order
to steal information from enterprises. Merrick
Furst, botnet expert and distinguished professor of computer science at
Georgia Tech, says bots are showing up “en masse” to customer-facing
websites — posing as people. Read the full article. [Dark Reading]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.