http://security.blogs.techtarget.com A SearchSecurity.com blog Thu, 15 May 2008 19:18:55 +0000 http://backend.userland.com/rss092 en If you're an SSH and Linux user, this is not a good week for you. Not only did Debian announce that a flaw in its OpenSSL implementation allows attackers to easily guess cryptographic keys, but now HD Moore has posted a list of SSH keys that he was able to ... http://security.blogs.techtarget.com/2008/05/15/ssh-keys-and-ssl-certificates-at-risk-from-new-debian-openssl-flaw/ Spam researchers have discovered a recent run of unwanted messages using Google’s Web-based word processor and even testing their campaigns using Google analytical tools. MessageLabs spokesperson Matt Sergeant, said the spam messages are successful in getting through most enterprise email filters. The messages don’t contain content, only a link that takes ... http://security.blogs.techtarget.com/2008/05/14/google-docs-used-in-latest-spam-run/ Security vendor Marshal says the Srizbi botnet has grown to be the worlds largest spam botnet, outpacing the Storm Trojan in sending unwanted email and compromising computers. Srizbi now accounts for half of all spam. In comparison, Storm accounted for 20% of all spam at its peak. In figures released by ... http://security.blogs.techtarget.com/2008/05/13/srizbi-botnet-is-the-biggest-but-does-it-matter/ Anne Bonaparte, a veteran security industry executive, is taking over the top job at change-management vendor Solidcore Systems. Bonaparte has spent time at a number of security vendors, including VeriSign, MailFrontier, SonicWall and Tablus. She takes over as CEO at Solidcore, as founder and former CEO Rosen Sharma steps asides ... http://security.blogs.techtarget.com/2008/05/12/security-vet-anne-bonaparte-takes-ceo-job-at-solidcore/ The trend toward large-scale attacks against Web sites through the use of SQL injection is continuing, as experts at both the SANS Internet Storm Center and Shadowserver Foundation are tracking a newly discovered SQL injection worm that appears to be exploiting a RealPlayer flaw and dropping malware on vulnerable sites. ... http://security.blogs.techtarget.com/2008/05/07/new-sql-injection-worm-making-the-rounds/ Users of social networking sites may be irritated to find that an increasing number of invitations to be a friend or contact turn out to be ads. Spammers are turning their attention to social networking sites to hawk their products, according to Cloudmark, a messaging security company. As email antispam technology ... http://security.blogs.techtarget.com/2008/05/07/spammers-exploit-social-networking-sites/ If you've been dying to get your hands on Microsoft's NAP (Network Access Protection) technology, but just somehow haven't gotten around to deploying Vista yet, today is your lucky day. Microsoft released Service Pack 3 for Windows XP today and one of the major components of the massive update is ... http://security.blogs.techtarget.com/2008/05/06/microsoft-releases-windows-xp-sp3/ In this interview conducted last month at RSA Conference 2008, security expert, Howard Schmidt says the federal government’s goal to reduce its nearly 2,000 domain access points to 50 by Fall 2008 is too aggressive and questions whether the government will reach its goal. Schmidt also explains how an unstable ... http://security.blogs.techtarget.com/2008/05/06/howard-schmidt-fed%e2%80%99s-domain-reduction-program-too-aggressive/ Anonymizer, the pioneering online privacy company, was acquired Thursday by a highly specialized national-security technology provider. Anonymizer began in 1995 as a provider of technology to help consumers, and later enterprises, protect their identities online. The company has a variety of products now that enable users to avoid spam, surf ... http://security.blogs.techtarget.com/2008/05/01/pioneering-online-privacy-firm-anonymizer-acquired/ There has been a lot of interesting work going on in the research community of late on a handful of really specialized and esoteric application attacks, like Mark Dowd's NULL pointer attack and David Litchfield's lateral SQL injection technique. These two methods have a few things in common, specifically the ... http://security.blogs.techtarget.com/2008/04/30/why-lateral-sql-injection-and-null-pointer-attacks-matter/