-
Twishing attacks steal data in 140 characters or less
2009 is barely underway, and already we see new fun emerging from Twitter-phishing, also known as—you guessed it—twishing. Predictions for the effect this could have on the failwhale-powered service are numerous and varied as bloggers and journalists weigh in on whether phishing could sink Twitter in 140 characters or less.

-
Theoretical attacks yield practical attacks on SSL, PKI
A paper published in 2007 describing a way of attacking a widely-used cryptographic function was widely dismissed as "theoretical." Now, a team of researchers has shown why that was a foolish thing to do, and why you can't trust your browser's padlock icon any more.

-
Microsoft: WMP crashing code does not mean vulnerability
After completing an investigation, Microsoft has responded to reports of a bug in all versions of Windows Media Player (WMP). Yes, there is code that exploits a vulnerability and crashes WMP, but this vulnerability does not pose a security threat.

-
Catastrophe keeps us together
Is DHS the world's largest, and most expensive, security theater troupe?

-
Newer versions unaffected by latest SQL Server flaw
Microsoft has finally published a security advisory for an SQL Server flaw it was notified about in April. Thankfully, the issue only affects older versions and does not appear to be a very serious one.

-
Virus Bulletin December 2008: only 2 out of 23 products fail
Virus Bulletin has released the results of its antimalware product testing, which it conducted last month. The results indicate VB isn't conducting very stringent tests.

-
URL redirects open scareware loophole at major sites
Combine open redirect web pages with search engine optimizations and you get a new twist on Google Bombing, now with extra malware. Attackers have begun using this new method, which presents consumers with infected options from supposedly secure companies.

-
Boston subway in talks with students over transit card flaws
In a positive twist, the Massachusetts Bay Transit Authority (MBTA) has announced it intends to partner with the same group of MIT students it once sued in an attempt to prevent them from revealing massive security flaws in the MBTA's contactless payment system. No amount of work is going to fix the MIFARE Classic cards that the system uses, but partnering with security researchers is an infinitely better tactic than just attempting to gag them.

-
US computers still the source of most malware
The cybersecurity trend lines and aggregate data reports for 2008 are available from some firms, and the results show a burgeoning market that rocked and reacted to many of the same forces as more legitimate occupations. Unfortunately, the US has taken the #1 spot as a malware-hosting country; hopefully we'll manage to lose that particular distinction by this time in 2009.

-
Cyberwargames test readiness for info attacks
Leaders from government and the private sector gather in D.C. for cyberwargames.

-
Symantec releases Norton Internet Security for Mac 4.0
Symantec recently released Norton Internet Security for Mac 4.0, a suite of applications that provides antivirus, antiphishing, and firewall functionality in a single package.

-
Microsoft patches serious IE flaw
Microsoft has released an out-of-band security update for Internet Explorer. All users are encouraged to run Windows Update or Microsoft Update and download the fix.

-
Safari ties Chrome for worst password manager security
In a recent study of the security of browser password managers, Apple's Safari and Google's Chrome both tied for last place among major browsers. It turns out that they are vulnerable to several kinds of exploits.

-
AT&T, T-Mobile settle over voicemail security advertising
AT&T and T-Mobile have agreed to pay up for advertising that their voicemail systems were secure when they clearly were not. The Los Angeles District Attorney's office investigated the companies and found that their systems were as insecure as ever, allowing hackers to potentially wreak "havoc."

-
ICANN plan for new TLDs comes under barrage of criticism
ICANN continues to press on with its plans to create an additional 200-800 gTLDs, despite opposition from virtually every corner. The organization claims its plan will create new opportunities for companies, but the implementation seems to be aimed at lining registrars' pockets.

-
Wire transfer biz dogged by malware, security threats
Tens of billions of dollars in remittance payments flow out of the US each year, but recent information suggests those financial lifelines to loved ones back home have been tapped by malware authors and would-be thieves. The money you send home to Grandma could end up in someone else's pocket.

-
Pastebud's iPhone e-mail privacy issue spotted, corrected
Less than a day after the launch of the Pastebud copy and paste service for the iPhone, Pastebud users began reporting that they had access to other people's data. The privacy issue turned out to be related to the e-mail addresses used by the service, but it was quickly fixed.

-
Studios (temporarily?) gain upper hand in Blu-ray DRM battle
Blu-ray's BD+ DRM scheme is temporarily functional again, and an increasing number of new movies can't be decoded by the current version of Slysoft's AnyDVD HD. It's a game of DRM cat-and-mouse, and the studios are currently out in front.

-
Report: recession could trigger blackhat, crimeware surge
If you've got a moment to spare from poring over balance sheets and financial projections, Finjan has a message for you. The security company predicts that disgruntled employees will become a major source of data leaks and theft in 2009, thanks to the economic recession. The solution? Buy more security software—which just happens to be what Finjan sells.

-
Exploit for unpatched WordPad, IE flaws in the wild
After yesterday's epic Patch Tuesday, Exploit Wednesday brings news of three unpatched flaws, two with exploits in the wild.
