Security Roundup 6/19/2007

Some interesting security-related stories making the rounds.

Is The iPhone Insecure? Analysts are already debating whether the iPhone is going to be secure or not, with some saying Apple did not give one thought to enterprise security.

Microsoft flaw opened door to scammers: Microsoft fixed a bug Tuesday that had been allowing people to sign up with fake email addresses, which in turn allowed them to “be” someone else while running Microsoft Messenger. Microsoft has no idea how long the flaw was available to users or how many fake accounts could have been created.

Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability: Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged-on user. Solution: Cerulean Studios has already released an update that fixes the problem.

Bundled Products: Where the heck did this new toolbar come from? A researcher on stopbadware.org got some extra bundled software he didn’t like with Trillian. Same thing happened to me. That’s what we get for not reading EVERYTHING anymore.

Appeals Court Says Feds Need Warrants to Search E-Mail: A federal appeals court on Monday issued a landmark decision (.pdf) that holds that e-mail has similar constitutional privacy protections as telephone communications, meaning that federal investigators who have been searching and seizing emails without obtaining probable-cause warrants will now have to obtain them. “This decision is of inestimable importance in a world where most of us have webmail accounts,” said Kevin Bankston, a staff attorney for the Electronic Frontier Foundation.

Phishers and Malware authors beware! Google has released an API that lets you download Google's list of suspected phishing and malware URLs, so now any developer can access the blacklists used in products such as Firefox and Google Desktop. Pretty cool.