Microhoo at last and lots of security news

Along with a big IBM acquisition, an admission from Intel and a lesson about online manners

Well, we can all sleep a little easier now that Microsoft and Yahoo have finally announced details of the search deal they have worked on for months (and that has kept some of us on the edge, as tidbits of the story had an unsavory habit of breaking on weekends). All of the details, and then some, can be found by following the links in this week's top entry. Otherwise, with the Black Hat conference under way, there was a load of security news, with DefCon to follow this weekend (no rest for the weary).

1. Microsoft and Yahoo sign search deal, take on Google, CEOs: Devil was in details of Yahoo, Microsoft search tie-up and Microsoft-Yahoo deal: Why you stand to lose: After tracking this would-be news for about a year, all we feel is relief that it was finally announced. Now we can shift attention to whether Microsoft and Yahoo's big search deal, once approved by regulators, will work out for them and for users.

2. Clampi Trojan revealed as financial-plundering botnet monster: The news of a massive botnet associated with more than 45,000 Web sites and capable of stealing financial data is one of those instances that makes us wish that superheroes were real and that we could sic Batman on the bad guys and just end this nonsense once and for all.

3. Sensitive data compromised by SSL encryption flaws: Flaws in the software that uses SSL (Secure Sockets Layer) encryption could compromise sensitive personal data, security researchers said. The problem apparently is in the way SSL has been implemented into many browsers and also in the X.509 public key infrastructure system. (And there is more unsettling security news ahead in numbers five and eight.)

4. Apple: Jailbreaking could knock out transmission towers and EFF: Apple's claim that jailbroken iPhones can crash cell towers a 'hill of beans': There's nothing quite like a public spate to spice up the headlines. Apple told the U.S. Copyright Office as part of a review of the Digital Millennium Copyright Act that unauthorized modification of the iPhone OS -- so-called "jailbreaking" -- could cause major network disruptions, including the possibility of crashing transmission towers. The claim was made in response to a request by the Electronic Frontier Foundation that such modifications do not violate the DMCA and should be permitted. So, the EFF responded to Apple by saying, more or less, "get real!"

5. Extra '&' in Microsoft development code gave hackers IE exploit: "The bug is simply a typo," said Michael Howard, a principal security program manager at Microsoft, to explain how an extra "&" in development code has enabled hackers to exploit Internet Explorer for weeks.

Join the CSO newsletter!

Error: Please check your email address.

Tags YahooMicrosoftsecurityMicrohoo

More about AppleCA TechnologiesEFFElectronic Frontier FoundationFacebookGoogleIBM AustraliaIBM AustraliaIntelMicrosoftSPSSYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nancy Weil

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts