Flashback is the first significant MacOS botnet, reportedly infecting and controlling over half a million Macs. Flashback has been around for since September 2011 but recently got a boost with a Trojan that exploits a security hole in Apple's Java distribution; a vulnerable Mac can be infected simply by visiting a web site, no user password required. Apple released a fix for the Java exploit yesterday, some six weeks after Microsoft, Adobe, and Oracle released their fixes.
Two days ago a user asked Google about a strange warning he was getting when trying to access Gmail from Iran. Turns out he was getting a fraudulent SSL certificate that was issued incorrectly for *.google.com by DigiNotar, a Dutch certificate authority. It seems likely this was a deliberate man-in-the-middle attack to snoop email in Iran. This attack is the second SSL certificate compromise in a year (previously), pointing to a fundamental design flaw in Internet security. [more inside]