It seems that online criminals aren't waiting for zero-day exploits to be found, but are now making their own: someone broke into the source code for SquirrelMail, an open-source webmail client, and introduced a bug which allows arbitrary remote code execution. This was detected and rectified fairly quickly (mostly because the MD5s of the package were stored elsewhere), though anyone running one of the vulnerable versions may want to check their server logs to make sure they're not hosting anything like this.

This is probably just the tip of the iceberg; it's not unlikely that criminals (or, for that matter, intelligence agencies) have attempted to introduce security holes into other pieces of net-facing software.

Meanwhile, Windows Vista now not only chews up your CPU cycles on behalf of the RIAA/MPAA, but also includes a random-number generator believed to contain an NSA security hole.
