Dan Kaplan

Hackers compromised Red Hat's Fedora servers, which prompted the open source software company to issue a critical update Friday for its OpenSSH packages. Alternative web browser Opera has delivered an update to address seven critical vulnerabilities. Turkish hackers appear to have briefly gotten their hands on the website of Olympic record breaker Michael Phelps. A US federal judge has lifted a temporary injunction that denied three college students from presenting their subway payment hack research at the recent Defcon show. Adobe said it is looking into Flash-based exploits leveraging clipboard software to spread a malicious URL. Security experts worry that an open-source Flash animation toolkit is being widely misused to create malicious banner advertisements. Microsoft is investigating a zero-day vulnerability in Visual Studio. A 24-year-old, who admitted to phishing AOL users during a four-year period, has received seven years in prison. In its largest security update in 18 months, Microsoft on Tuesday delivered 11 patches to resolve 26 vulnerabilities in its operating system and related components. Forget SSL injection and cross-site scripting, there's a new website vulnerability in town -- and you can't scan for it. Microsoft plans 12 fixes - seven for "critical" bugs - in next week's monthly patch delivery. One of Google's latest features can be manipulated to spread malware, a pair of researchers said Wednesday at the Black Hat conference in Las Vegas. Roughly one month after Microsoft disclosed that attackers were exploiting a zero-day Active X vulnerability, the attacks are multiplying; but mostly in China. Mozilla is investigating a new, low-risk vulnerability in its recently released Firefox 3 web browser that could permit an attacker to crash a victim's browser. Telecommunications firm Motorola has acquired AirDefense, provider of wireless LAN security. For the first time in more than three years, Oracle has issued an alert warning customers about a zero-day vulnerability. Endpoint security stalwart Sophos has bid to acquire Germany-based encryption provider Utimaco Software for more than US$340 million. RealNetworks, maker of RealPlayer, has issued an update to address four serious bugs. The principal owners of E-Gold, an online money transfer system, have pleaded guilty in federal court to operating a business that caters to cybercriminals.
When researcher Dan Kaminsky reveals details behind the major DNS protocol vulnerability next month at Black Hat, it may not be such a surprise anymore.