Attackers are finding it more lucrative than ever to compromise e-mail marketing firms and exploit their resources to send out spam, often containing malware, according to a new report from Websense.

The Alureon rootkit has become not just a major headache for its victims, with its insidious infection routines and persistence once on a machine. But it also has proved to be a challenge for researchers engaged in trying to identify new versions and unwind its new tactics and techniques. The latest hurdle thrown up by Alureon is the use of steganography to hide configuration files to update infected machines with new instructions.

Dennis Fisher talks with Mark Russinovich of Microsoft about his novel Zero Day, the idea of a coordinated cyber attack by terrorists and the difficulty of writing a technical novel for a mainstream audience.

The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. But it’s not just SSL that’s the problem; it’s the slow accumulation of security problems in the key protocols and systems on which the Internet–and much of our world–rely that has become the real issue.

Adobe said on Friday that its products would soon reject certificates issued by the disgraced Dutch certificate authority DigiNotar following the Dutch government’s decision, Friday, to revoke DigiNotar PKIoverheid CA certificates used by government agencies on September 28. 

The FBI continued its pursuit of members of the hacking group LulzSec on Thursday, arresting a 23 year old Phoenix, Arizona man believed to be part of an online hacking crew that attacked systems belonging to Sony Pictures, the Bureau said in a statement Thursday.

Microsoft officials are seeking to assuage concerns that its implementation of UEFI in Windows 8 will prevent users from loading non-Microsoft operating systems or applications on their machines. Despite concerns raised by security researchers and open-source advocates about vendor lock-in and other issues arising from the use of a secure boot sequence in the upcoming OS, Microsoft says “the customer is in control of their PC.”