An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
"Flame" is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures. [more inside]
New Phase for Sobig.f Expected to Hit Friday. Any . . . minute . . . now. . .
Gartner Group recommends that IIS users look elsewhere for a better web server.
New worm doing the rounds. Great.
How to anonymously get root access on a quarter million machines overnight In the past 24 hours the CodeRed II worm has been infecting IIS web servers with a speed equal to or greater than that of the original CodeRed. The original CodeRed infected what is thought to be all vulnerable machines, approximately 250,000 hosts, in under 24 hours. While CodeRed I was relatively harmless, CodeRed II installs a full Administrator-access back door shell that can be accessed via HTTP. This creates a very interesting situation, and with the techniques discussed in this paper opens a new potential door for mass system cracking.