New and noteworthy in security 11/26/08
Widgets & RSS FeedsScript kiddies have awesome tools: Toomas Römer finds a new exploit tool on a hacked Wordpress blog and then proceeds to review it. He concludes the tool is cross platform, feature rich, efficient and has a nice user interface. All in all a very compelling example of why it is important to keep installations up to date.
2008 Internet Security Report: Arbor Networks Security 2008 Worldwide Infrastructure Security Report is summarized in a post in their Security to the Core blog. The full report synthesizes data from a survey of about 70 lead security engineers and includes descriptions of new threats such as DDoS attacks that exceed 40 gigabits a second and new DNS attacks.
Identification Is Not Security: Ben Laurie has a nice piece that illustrates some of the distinctions between identification, authentication, authorization and security. Far too often one services focus on one aspect such as identifying the account holder when they would be much better of worrying about the authentication and authorization of the individual paying.
