Kernel.org hacked ! // From: J.H. <[email protected]> Subject: [kernel.org users] [KORG] Master back-end break-in

http://pastebin.com/BKcmMd47

Kernel.org machines were hacked into, possibly via stolen credentials. An investigation is underway. Thanks to Git crypt-signing each commit, there is no danger to the Linux kernel code.

Penetration Testing Policy for Amazon EC2

http://aws.amazon.com/security/penetration-testing/

Read this if you need to conduct penetration and security testing on or from EC2 instances.

respawn_redux [persistent cookies based on If-Modified or Etag headers]

http://ashkansoltani.org/docs/respawn_redux.html

An article that describes a method to create a permanent cookie based on the If-Modified and Etag HTTP headers. Currently this is used in the wild by several banner and ad networks. The method is possible because of the simplified implementation of If-Modified in all modern browsers (browsers do not validate the value of If-Modified as a date).

Help: I Got Hacked. Now What Do I Do? [by Jesper M. Johansson, Security Program Manager Microsoft Corporation]

http://technet.microsoft.com/en-us/library/cc512587.aspx

LastPass : The last password you'll have to remember: LastPass Security Notification

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Online password keeping service LastPass.com reports that it is possible that they were 0wned. (how nice!) At the same time, LastPass seems to be doing the right things: they had monitoring in place, so they detected an anomaly in traffic. As soon as the anomaly was detected, they notified their users and proceeded with further measures.

Dropbox Lack of Security - Miguel de Icaza

http://tirania.org/blog/archive/2011/Apr-19.html

“This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you. It turns out, they keep their keys on their servers, and anyone with clearance at Dropbox or anyone that manages to hack into their servers would be able to get access to your files.” – ehh, a way to go dropbox :-( / noted at https://lwn.net/Articles/438401/ ...