Google using invalid security certificates   20 Jun 2008 20:49 GMT
It appears that Google is using an invalid security certificate across many of its domains.  If you type https://gmail.com or https://google.com/adsense into your favorite Web browser, here's what you see: Very strange. After last year's warnings around sidejacking, I made...
Source: ZDNet

Phishers targeting Facebook users, fake logins spammed through hacked accounts   20 Jun 2008 17:22 GMT
A currently active phishing campaign is circulating across Facebook end users' walls, using already compromised accounts to post the phishing links, tricking the user into thinking it's a legitimate friend sending the message in order to redirect them to a fake login page. The campaign is taking advantage of multiple...
Source: ZDNet

Free Sourcefire tool pinpoints hostile MS Office files   20 Jun 2008 16:51 GMT
Sourcefire, the company behind the popular Snort intrusion detection system, has released a freeware utility to help identify potentially threatening Microsoft Office files. The tool, called OfficeCat, can be used to process Microsoft Office documents -- Word, PowerPoint, Excel and Publisher -- determine if possible exploit conditions...
Source: ZDNet

Wiretapping: This was no time for a compromise   20 Jun 2008 00:02 GMT
Democrats in Congress have arrived at a compromise on legislation that will allow warrantless wiretaps on U.S. citizens' telephone lines. In March, I covered the threats to privacy from this bill, which was pushed hard by the White House as essential to national security. Today, the Democrats caved in big...
Source: ZDNet

About-face: Apple patches Safari 'carpet bombing' bug   19 Jun 2008 21:23 GMT
In what amounts to a major about-face, Apple has patched the Safari "carpet bombing" vulnerability that led to a Safari-to-Internet Explorer remote code execution combo threat. After insisting for weeks that the issue is more of an irritant than a security risk, Apple today released Safari v3.1.2...
Source: ZDNet

Microsoft blames 'human issues' for Bluetooth patch hiccup   19 Jun 2008 21:06 GMT
Microsoft has re-released its critical MS08-030 bulletin for Windows XP SP2 and SP3 users, warning that "two separate human issues" caused a major hiccup with the critical security patch. The original version of the patch, which corrects a remote code execution flaw in the Windows Bluetooth stack,...
Source: ZDNet

Security breach hits DivShare, unauthorized access to its database   19 Jun 2008 19:57 GMT
The popular document and media sharing service DivShare, suffered a security breach according to a security announcement posted by DivShare's support team earlier this week : Late last night we were alerted of a security breach that allowed a malicious user to access our database, which included user e-mail...
Source: ZDNet

Openness   19 Jun 2008 19:18 GMT
I've been privileged to be around some amazing people recently, first at Enterprise 2.0 in Boston and now this week at SuperNova, Wharton Business school's conference which this year explored "how decentralization and pervasive connectivity are changing our world". My take away word of the...
Source: ZDNet

Chinese antitrust and Microsoft   19 Jun 2008 16:40 GMT
As reported elsewhere and discussed by other ZDNet bloggers, a new antitrust law will come into effect in China on August 1st, and there is speculation that the Chinese government is using that law as basis for an investigation into the company. Not surprisingly, this brings a smile to the...
Source: ZDNet

Good Microsoft wins one   19 Jun 2008 15:41 GMT
Back in April, I contrasted Good Microsoft, which released its Live Mesh service for public consumption, with Bad Microsoft, which decided to pull the plug on its MSN Music customers who had purchased DRM-protected music files from its store. It took a couple months, but it looks like Good Microsoft...
Source: ZDNet