dave | 28 Mar 18:12 2011

The ides of March


I'm not sure what an Ides is, but maybe it's a remote exploit against IIS or
something, because it feels like everyone is getting owned.

RSA got owned, and now everyone is trying to get rid of their SecurID tokens as soon
as possible - there's no easy way around this, except empowering customers to
generate their own secrets, perhaps? It's always been, I assume, a business model
thing for them to have to generate and burn the keys themselves. Greed and security
rarely mix!

And Comodo is giving out SSL certificates for all the major sites. They like to say
how revoked those certificates are, but I'm pretty sure the people who got them are
putting them to good use. Go team!

The worst part about Comodo's letter to the public was how they claimed that they
never thought a nation state would attack them. If that's not part of your threat
model, what business do you have being part of Internet infrastructure?

And, of course, the always honest guys at PHPFog (http://blog.phpfog.com/).

And MySQL (http://www.theregister.co.uk/2011/03/28/mysql_hack/)

Exciting times.

--
INFILTRATE 2011 - April 16-17th
The world's first and best offensive information security conference
Call +1-786-220-0600 to sign up today!
