Google Inc.'s PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.
While malicious software that exploits an unpatched vulnerability in Microsoft Corp.'s Windows operating system is by now the most widely reported threat on the Internet, Microsoft continues to urge customers to wait another week for its official security update.
As security personnel met at this week's Black Hat Conference in Las Vegas, there was easy money to be made at the security vulnerability table. TippingPoint, 3Com's security division, announced it plans to reward security researchers and hackers who reveal information on newly discovered vulnerabilities as part of its Zero Day Initiative. TippingPoint will pay as much as US$2,000 for a verified vulnerability. iDefense, a security intelligence firm recently acquired by VeriSign, has raised the stakes, saying it will increase its payments for information on vulnerabilities.
Microsoft has a new security service that will provide an immediate response when researchers publicize unpatched vulnerabilities. The pilot program run by the Microsoft Security Response Center (MSRC) and called simply Microsoft Security Advisories, complements the monthly scheduled Security Bulletins ordinarily accompanied by patches.