Internet / Network Security


Protecting Sensitive Data On Your iPhone

As with most things Apple, the iPhone is more of a phenomenon than a phone. But, behind the Apple glamour, it is still a mobile device that holds a lot of sensitive information. You need to know how to secure that data and this article will help.

iPhone and iPod Touch Security Apps

Tony's Network Security Blog

Microsoft Welcomes 2009 With One Security Bulletin

Thursday January 15, 2009
Microsoft says Happy New Year! To celebrate, they started the year off slowly with only one Security Bulletin for the month of January. MS09-001 is a Critical Security Bulletin that addresses a few vulnerabilities in Microsoft's implementation of the SMB protocol. SMB is used for file and folder sharing on a network. Successful exploitation of the vulnerabilities could allow an attacker to execute malicious code on the target system remotely. The attacker could access data, change user or system settings, or install other malicious software such as spyware or backdoors that might gather sensitive information from the PC or allow the attacker to secretly gain continued access.

Some security experts are concerned that this vulnerability could be exploited by a malicious worm and that a successful malware attack could have a severe impact similar to past threats such as Sasser or Blaster. Take a look at the summary of the January 2009 Microsoft Security Bulletins for more information about this threat and the links to get the appropriate patches or updates to protect your PC.

Can You Trust Your Web Sites?

Thursday January 15, 2009
It was big news when security researchers recently announced that they had broken SSL. If you are not a security researcher, or at least an information security professional, you might ask "what is SSL?" In a nutshell, SSL (which stands for Secure Sockets Layer) is a protocol that allows for secured connections over the Web. What you might be more familiar with as a common user is either a little padlock icon at the bottom of your browser that indicates a secure connection, or the fact that the URL starts with 'https' rather than just 'http'.

However, the security of connections over the SSL protocol is based on the integrity of the certificate the site uses to prove that it is, in fact, the server you are supposed to be connecting to. Inherent trust has been placed in the underlying certificates. If an attacker can create a fake certificate, then they can also set up a counterfeit server which will appear to be secure and give you the little padlock icon or whatever other 'warm fuzzy' lets you know that your web surfing is safe.

What the researchers were able to accomplish was to crack the MD5 hash algorithm (using a cluster of Sony PS3 game consoles) and create a fake certificate which is accepted and trusted as if it were from the legitimate certificate authority. Aladdin points out that it is MD5 that is broken, not SSL. That is true.

The MD5 algorithm has been known to have weaknesses for years. Reliable and established certificate authorities like Verisign or Thawte should not be relying on MD5 for their certificates anyway. For the most part, users do not need to be concerned that this will be commonly exploited or become a widespread threat...yet. The bigger concern really is that security experts thought that attackers couldn't gather enough processing power to crack the algorithm, yet they did it by combining the processing power of gaming consoles. As the next generation of computer CPUs and gaming consoles evolves, encryption algorithms, particularly older algorithms, will become easier targets. Just because an encryption technique is secure today does not mean it will be secure next year.
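One way to audit for the weakness described above is to read the signature algorithm out of each certificate and flag MD5. The following is an added example, not part of the original post: it walks the DER encoding with the Python standard library only, and the sample input is a constructed certificate-shaped skeleton (the helper names `tlv` and `sample_cert` are hypothetical), not a real certificate.

```python
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}  # MD5-based signature
MD5_RSA = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Decode OID bytes; assumes the first two arcs fit in one byte."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for byte in content[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, cert, _ = read_tlv(der, 0)
    _, _, pos = read_tlv(cert, 0)           # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)      # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = read_tlv(alg_id, 0)   # first field is the algorithm OID
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a certificate-shaped DER structure")
    return decode_oid(oid)

def weak_signature(der):
    """Return the weak algorithm's name, or None if the signature hash is not MD5."""
    return WEAK_SIG_OIDS.get(signature_algorithm_oid(der))

def tlv(tag, content):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(content)
    size = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)] if size else [tag, n]) + size + content

def sample_cert(sig_oid):
    """Constructed certificate-shaped skeleton, not a real certificate."""
    tbs = tlv(0x30, tlv(0x04, b"\x00" * 200))  # padding forces long-form lengths
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 17))
```

To check a real certificate, pass its DER bytes (not PEM text) to `weak_signature` and repeat for every certificate in the chain, since the signature on each one is made by its issuer.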

Twitter Phishing Scams and Hacks

Thursday January 15, 2009
Do you 'tweet'? That is the term used for individual posts or comments on the social networking site Twitter. You can check out 'What is Twitter' from the About.com Guide for Web Trends Dan Nations if you want to know more about how the service works. But, if you are one of the millions of 'tweeters', you should be aware of some recent security issues with the service.

First, there has been a phishing scam circulating that impacts Twitter. Twitter users receive private messages, which should only be able to be sent from trusted Twitter friends, inviting them to check out a cool site or funny video. When they click on the URL, they are taken to a very convincing fake Twitter login page. Logging in allows the attackers to capture their Twitter usernames and passwords. Stealing Twitter identities is hardly as lucrative as stealing credit card or bank account numbers, but once the attackers have that information they can continue to use the compromised accounts to lure users into other phishing scams and malware sites.

As if that is not enough, Twitter has also been victimized by attackers who managed to hack into the Twitter accounts of a number of celebrities and famous people such as Barack Obama and Britney Spears. One of the most well-known Twitter users, CNN's Rick Sanchez, also had his Twitter account hijacked. The attackers posted a 'tweet' that appeared to be from Rick stating "i am high on crack right now might not be coming into work today". Twitter has stated that these hacks are not a result of the phishing attack, but rather of a vulnerability or weakness in some internal support tools. Twitter has subsequently taken those tools offline until they can get them properly secured.

Pearson Unveils New Certification Exam Prep Tool

Wednesday January 7, 2009
When you're preparing for a certification exam you can never have too many tools. Hands-on experience is always the best teacher. Taking classes, whether at a physical location or via the Web, can be valuable as well. Many people simply read books on the certification subject(s) and try to train themselves on the subject matter. All of that is great until the exam is right around the corner.

When the exam is around the corner, it is really too late to learn the material. However, it is a perfect time to drill the material and cement it in your brain to ensure you can recall it in the blink of an eye while taking the exam. There are a variety of books, software applications, and web sites dedicated to exam prep and exam cram type materials. Pearson Publishing announced that they are adding a new tool to the certification exam-taker's arsenal.

CertFlashcardsOnline.com will provide a browser-based flashcard engine that users can access from desktops, laptops, or even mobile devices, enabling them to do some exam cramming anytime and anywhere. “In today's environmentally conscious digital society, it makes sense for certification candidates to use electronic flash cards instead of those made from paper,” said Tim Warner, Product Editor for Cert Flash Cards Online and host of the InformIT Certification Reference Guide. “Most folks carry a laptop or a Web browser-enabled mobile phone or PDA, so why not save some trees by using the online Cert Flash Cards?”

You can learn more about the site and the certifications Pearson currently has available by visiting CertFlashCardsOnline.com.


©2009 About.com, a part of The New York Times Company.

All rights reserved.