Networking

MICROSOFT ON WEDNESDAY issued a patch for two security flaws in its Windows Media Player software that could allow malicious users to run programs on other users' PCs...

Saw this over at HNN

A priceless Enigma crypto device (only three exist) was stolen this spring from a museum in the UK. The Sunday Times describe in fascinating detail how they fully recovered the item. Codewords hidden in the newspaper, buried video tapes, meetings in dark misty cemeteries and other cloak-n-dagger stuff were used. The Bad Guy was also nabbed. A must-read tale.

Saw this over at HNN

Private email messages were allegedly revealed on public website www.MyFlorida.com as the unnerving result of a "strange" computer glitch set off by web surfer, Jerry Haygood, typing the word "liscence" in the search box. Apparently, sensitive material was exposed, most of it being medically related. One of the victims, whose request for a phone number was revealed, warned against relaying any private information in writing over the Internet. File under weird.

Bruce Schneier, author of the excellent book, Applied Cryptography, inventor of the Blowfish algorithm, writer of the Crypto-Gram newsletter, and doer of various other noteworthy crypto-related deeds, weighs in on SDMI's efforts in this EET article. In a nutshell, here's what he thinks:

Looks like somoene with the n1nor handle managed to infiltrate AntiOnline's site, replacing the main page with a nice targetted rant against John Vranesevich (one of the site founders). I'm sure you're all aware of the barrage of attempted break-ins that AntiOnline has suffered in the past - this vulnerability however appears to lie within the PERL scripting. Read all about it here.

Tripwire posted the source code to their integrity checking tool at SourceForge today. Get your hands on the press release here.

Saw this over at HNN

The Israel Defense Force (IDF) as well as several of the country's government web sites appear to be the target of an Arab counterattack. Email blitzes that have paralyzed several sites in Israel are in retailation for what is believed to be an attack on the Hizbullah’s site earlier this week. NetVision, a major ISP in Israel that has several of the affected sites on its servers, is in the process of conducting major damage control.

Saw this over at HNN

A security flaw in the New Jersey Turnpike EZ-Pass electronic toll collection service has led to a temporary suspension of billing services. Christopher Reagoso, an independent user of the collection system, publicly disclosed the flaw which allows infiltrators to view turnpike statistics and user names in the e-mail billing system.

Infoworld

Saw this over at HNN