Microsoft just publicly announced a release to actively “untrust” three certificates issued by Certificate Authority TURKTRUST, a subsidiary of the Turkish Armed Forces ELELE Foundation Company. According to Microsoft, the company made several mistakes that resulted in fraudulent certificates being issued that could be used to MiTM encrypted communications with Gmail or other Google properties.
A very important “internet trust” discussion is underway that has been hidden behind closed doors for years and, in part, still is. While the Comodo, Diginotar, and Verisign Certificate Authority breaches forced discussion and action into the open, this time the trigger for the “dissolution of trust” discussion seems to have been volunteered by Trustwave’s policy clarification and the follow-up discussions on Mozilla’s Bugzilla tracking and mozilla.dev.security.policy.
The Adobe AIR and Adobe Flash Player Incubator program updated their Flash Platform runtime beta program to version 5, delivered as Flash Player version 11.2.300.130. It includes a “sandboxed” version of the 32-bit Flash Player they are calling “Protected Mode for Mozilla Firefox on Windows 7 and Windows Vista systems”. It has been over a year since Adobe discussed the Internet Explorer ActiveX Protected Mode version on their ASSET blog, and the version running on Google Chrome was sandboxed too.
Shadowed by the Duqu madness yesterday, Oracle released a slew of critical updates. Most interesting, but perhaps with little impact, is the Java SE BEAST update.
Kaspersky Lab researchers will be presenting at this year’s Virus Bulletin conference on issues surrounding cyber-crime, mobile malware, web application security and social network threats.
With headlines like “New cyber threat compromises financial information – Experts say new threat could affect millions of sites”, you would think that the trust model of the internet has finally crumbled.
After an hour-long wait to view the demo, the Ekoparty demo for the SSL hack was staged. And it was interesting that the attack succeeded in cracking the SSL confidentiality model.
This month’s Microsoft patch release is pushed out with lower urgency recommendations overall. While the SharePoint and server-side vulnerabilities are interesting, IT and individuals should attend to the Excel vulnerabilities with urgency. Microsoft is also putting to bed any issues related to Diginotar certificate trust by adding cross-signed Diginotar root certificates to the Microsoft Untrusted Certificate Store.