Web Security


Phony SSL Certificates issued for Google, Yahoo, Skype, Others

UPDATED: A major issuer of secure socket layer (SSL) certificates acknowledged on Wednesday that it had issued 9 fraudulent SSL certificates to seven Web domains, including those for Google.com, Yahoo.com and Skype.com following a security compromise at an affiliate firm. The attack originated from an IP address in Iran, according to a statement from Comodo Inc.

Twitter, Javascript Defeat NYT’s $40m Paywall

The New York Times is estimated to have spent $40 million to $50 million to construct an elaborate new paywall that will force some users of the site to pay a monthly fee to read paper content. But just days after rolling out a version of the paywall, the newspaper is playing whack-a-mole with loyal readers who have found simple ways around it.


Firefox 4, the newest version of Mozilla’s flagship browser slated for release today, includes a variety of security and privacy protections, but perhaps the most important of them is the addition of the Content Security Policy. The mechanism, which is enabled by default in Firefox 4, is designed to help prevent widespread Web attacks such as cross-site scripting and data injection.

By Gunter Ollmann
As a follow-up to the Rustock botnet news, Microsoft have identified themselves as the key instigators of the takedown. This is the second time Microsoft’s legal team has been actively involved in combating the botnet menace – and they obviously learned from their previous attempt at trying to take down the Waledac botnet.

It was a big week in security: along with the takedown of the Rustock botnet, there was a major attack against security firm RSA Security. Threatpost Editor Paul Roberts had a chance to sit down with Bill Sell, host of the weekly IT security news show ITEC This Week on the Pulse Network. Paul and Bill talk about the week’s events and do a roundup of the recent RSA Security Conference.

Greg Hoglund, CTO of HBGary, admits that lackluster security played a central role in the breach that led to the release of some 50,000 company emails, but also disputes common understanding and reported details of the hack, going so far as to say there was actually no hack at all.

Dennis Fisher talks with Alex Lanstein of FireEye about this week’s takedown of the Rustock botnet, the important legal precedent it helped set with Microsoft’s lawsuit and the mechanics behind the operation and dismantling of large-scale botnets.
