Encryption

A Romanian researcher has discovered a major password breach on the FTP site belonging to the IEEE. He blames a misconfigured server, as well as the sloppy practice of storing passwords on log files.

Experts said the light patch load addresses issues that aren't considered high-risk, but the monthly update from Microsoft also includes a new requirement that encryption algorithms on RSA certificates meet a certain key length.

Next week's monthly patch batch from Microsoft is not very burdensome, but it includes a new requirement that certificates must contain RSA key lengths of more than 1,024 bits.

A new data-stealing trojan has turned up on the systems of one of Radware's customers, according to researchers at the network security firm.

In a report released this week, the federal Government Accountability Office (GAO) found that the EPA, which just announced a server breach resulting in the personal information compromise of 7,800 people, is falling short in several areas.

Though Gauss's encrypted payload continues to perplex researchers, Kaspersky Lab has unveiled a free tool to detect the malware.

Gauss, which researchers have linked to Flame and Stuxnet, both believed to be built by the U.S. government, functions mainly as a banking trojan -- but it also contains a mystery encrypted payload.

LinkedIn's 2Q earnings call reveals that the company spent between $500,000 to $1 million on forensic work surrounding a recent data compromise.