MayDay! Sneakier, More Powerful Botnet on the Loose

A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs.

Truecrypt 5.0 released

The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac OS X version is at last available too.

Google Blamed For Indexing Student Test Scores & Social Security Numbers

Heads Up Internet Explorer Users

A plug-in for Microsoft’s Internet Explorer Web browser that helps users upload photos to popular sites such as Facebook and Myspace contains multiple security holes.

When Security Improvements Backfire

Recently, when conducting an (authorized) security review at a small web hosting provider, I ended up as “root” on all their Unix systems within a matter of hours, and did not even need any l33t buffer overflow or the like. Well-meaning system administrators had tried to improve security of their servers, and had unwittingly ended up making life much easier for the bad guys.