  • Web 2.0, meet Internet attack 2.0

    The glitzy, interactive abilities of Web 2.0 have led to a profusion of new applications, but the technology also is bringing a new era of security vulnerabilities, a security researcher warned Wednesday.

    "Security was a challenge to begin with, but if anything it's getting harder in the Web 2.0 world," said Jacob West, manager of the security research group at Fortify, a company that helps companies make sure their software is secure.

    A big culprit is JavaScript, a language that's widely used to control Web browsers and enable more sophisticated operations.

    http://www.news.com/8301-10784_3-9927541-7.html?tag=cd.blog

    Urs


     

  • To defeat a malicious botnet, build a friendly one

    Beating the "botnets"–armies of infected computers used to attack websites–requires borrowing tactics from the bad guys, say computer security researchers.

    A team at the University of Washington, US, wants to marshal swarms of good computers to neutralize the bad ones. They say their plan would be cheap to implement and could cope with botnets of any size.

    Their system, called Phalanx, uses its own large network of computers to shield the protected server. Instead of the server being accessed directly, all information must pass through the swarm of "mailbox" computers.

    http://technology.newscientist.com/article/dn13753-to-defeat-a-malicious-botnet-build-a-friendly-one.html

    Urs


     

  • Modern 'primitive' could ease the pain of encrypting massive amounts of data

    Researchers have devised an encryption scheme that could simplify the protection of sensitive information by allowing banks, hospitals, and other organizations to lock files using keys that are based on specific attributes, such as an employee's position or geographic location.

    The method, which was unveiled last week, adds to the growing body of research known as functional or attribute-based encryption.

    Functional encryption tries to simplify things. It allows data to be encrypted using attributes directly tied to the recipients, such as their names or email addresses, without the need for the parties to have exchanged keys ahead of time.

    http://www.theregister.co.uk/2008/04/23/research_simplifies_encryption/

    Urs


     

  • Researchers find hole in 'flawless' encryption technology

    Quantum cryptography, a new technology until now considered 100 per cent secure against attacks on sensitive data traffic, has a flaw after all, Swedish researchers say.

    "In computer terms, we've found a bug," said Jan-Aake Larsson, an associate professor of applied mathematics at the Linkoeping University in southern Sweden.

    "It was surprising - we didn't expect to find a flaw," he said, adding that he and another researcher at the university had also discovered a way to fix the problem.

    http://abc.com.au/news/stories/2008/04/21/2223348.htm

    Urs

     

  • Microsoft: We took out Storm botnet

    Microsoft Corp. today took credit for crushing the Storm botnet, saying that the malware search-and-destroy tool it distributes to Windows users disinfected so many bots that the hackers threw in the towel.

    "They realized they were in our gun sights," said Jimmy Kuo, a principal architect with Microsoft's malware protection center, the group responsible for the Malicious Software Removal Tool (MSRT). Microsoft updates and automatically redistributes the software tool to Windows users each month on Patch Tuesday.

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9079653

    Urs