Microsoft confirms server vulnerability warning

Microsoft has activated its security response process to deal with the release of exploit code targeting an unpatched vulnerability affecting IIS 5.0 through 6.0. The company released a formal pre-patch advisory to acknowledge the vulnerability and offer mitigation guidance for customers.

Microsoft is investigating new public reports of a possible vulnerability in Microsoft [...]

D-Link router’s CAPTCHA flawed, WPA passphrase retrieved

It took only a week for researchers at SourceSec to find a flaw in the CAPTCHA that D-Link recently introduced in its routers, a feature originally intended to prevent DNS-changing malware from automatically achieving its objective.

According to SourceSec, the flawed implementation allows an attacker/malware to retrieve the router’s WPA passphrase with [...]

Study: password resetting ‘security questions’ easily guessed

How secret, in fact, are the ‘secret questions’ used for resetting forgotten passwords? Not so secret after all, according to a just-published study entitled “It’s no secret: Measuring the security and reliability of authentication via ‘secret’ questions”, which found that 17% of the study’s participants were not only able to answer the ‘secret [...]