Security Blog 


5.9.2003

New plan to relieve the US budget deficit
via Micro$oft:
Microsoft's latest security lapse with its Passport information service could trigger a $2.2 trillion fine on the company courtesy of the US government. Microsoft on Thursday admitted that a flaw in the password reset tool of its Passport service could compromise the information stored on all 200 million users. It scampered to post a fix and is looking into potential exploits, but the damage to Microsoft may already have been done.




gH
A long and interesting article detailing the Global Hell incidents from a few years ago and the leader of the group.
Yarbrough, the former prosecutor, agrees. "This guy overnight brought a gang mentality to the Internet." He calls Gregory the self-styled Al Capone of the Internet, deciding who could be in Global Hell and who they'd go after next. He says sometimes Gregory wouldn't let others join the gang until they pulled off their own crack.



5.8.2003

New article
I have a new piece, Starting Over: Formatting and Reinstalling After a Security Incident, online at SecurityFocus. Check it out.
There is a point you reach in the recovery process, after you have done a little digging, put a finger on what might have gone wrong, where you come to the proverbial "fork in the road". Every security professional or systems administrator has faced the decision at some point in his or her career: is it better to try to repair the damage, or just reinstall the system and start from scratch?

This IT dilemma will plague us all at some point. In this article, we will examine the process of starting over, and more specifically, reinstalling as the result of a security incident. We will focus on the steps necessary to prevent a repeat intrusion, get your system back online and ensure a rapid response in the future should this happen again.



5.6.2003

South Korea group sues Microsoft over SQL Slammer
From The Chosun Ilbo:
The activist group accused Microsoft of introducing servers with security defects and failing to inform clients sufficiently of the risks.