From: dave <dave <at> immunityinc.com>
Subject: The ides of March
Newsgroups: gmane.comp.security.dailydave
Date: Monday 28th March 2011 16:12:07 UTC (over 5 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not sure what an Ides is, but maybe it's a remote exploit against IIS or
something, because it feels like everyone is getting owned.

RSA got owned, and now everyone is trying to get rid of their SecurID tokens
as soon as possible - there's no easy way around this, except empowering
customers to generate their own secrets, perhaps? It's always been, I assume,
a business model thing for them to have to generate and burn the keys
themselves. Greed and security rarely mix!

And Comodo is giving out SSL certificates for all the major sites. They like
to say how revoked those certificates are, but I'm pretty sure the people who
got them are putting them to good use. Go team!

The worst part about Comodo's letter to the public was how they claimed that
they never thought a nation state would attack them. If that's not part of
your threat model, what business do you have being part of Internet
infrastructure?

And, of course, the always honest guys at PHPFog (http://blog.phpfog.com/).

And MySQL (http://www.theregister.co.uk/2011/03/28/mysql_hack/)

Exciting times.

- --
INFILTRATE 2011 - April 16-17th
The world's first and best offensive information security conference
Call +1-786-220-0600 to sign up today!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAk2Qs1YACgkQZH6GP9oltEsFFQCfcUhwNySUyCXNoAiHFmPV4Jex
FxgAnRQg+GycHFR6BM1NjEIrqHFsRFPr
=1bHJ
-----END PGP SIGNATURE-----
 