Security Incident — Blog — WordPress.com [ wordpress.com got 0wned]
http://en.blog.wordpress.com/2011/04/13/security/ this is just great … at least they notified their users in a timely manner. Change your password if you have a wordpress.com account.
http://aws.amazon.com/security/pci-dss-level-1-compliance-faqs/ Amazon AWS is a “PCI DSS 2.0 Level 1-compliant Shared Hosting Provider”, i.e. you can build your PCI-DSS compliant infrastructure using EC2, S3, EBS and VPC to store and process payment card data.
http://pastebin.com/74KXCaEZ [also see LWN’s write-up https://lwn.net/Articles/435214/ .] Curious message [allegedly] from a person who hacked into Comodo CA. Makes you wonder … Basically the whole SSL trust is just a piece of crap and cannot be trusted at all – major CAs have thousands of reseller accounts protected only by a username/password combination, and ANY such account could be used to sign ANY certificate, e.g. amazom.com, yourbank.com, etc.
http://blog.jgc.org/2011/03/how-not-to-post-security-article.html an excellent follow-up on a hoax story about Samsung installing keyloggers on its laptops.
http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/ awesome story about how security firm HBGary was hacked, or what happens if you do not follow simple security best practices.
http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/ article describing the operations of computer security firm HBGary, based on the HBGary email archive that hacker group “Anonymous” has recently made available.
http://www.mozilla.com/en-US/plugincheck/ checks versions of all plugins installed/enabled in your web browser
http://www.symantec.com/connect/fr/blogs/updated-w32stuxnet-dossier-available Stuxnet was a targeted attack on five different organizations – see the update posted by Symantec’s researchers. They analyzed data from anti-virus software and made a graph based on IP and Stuxnet version – this shows 5 different targets.
http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html curl -v -H "Accept-Language: en-us;q=2.2250738585072012e-308" http:///someurl – if your Tomcat/JBoss/whatever runs on an unpatched JVM, the thread will go into an infinite loop. Also see http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html
http://www.gq.com/news-politics/big-issues/201101/the-dubai-job-mossad-assassination-hamas?printable=true story about how Mossad conducted an assassination of a Hamas leader in Dubai.