Virtualisation and cloud computing race ahead of security practices

The rush toward virtualisation of internal enterprise computing resources and cloud computing can have many advantages, such as server consolidation, but it's largely outracing traditional security and identity management practices. That's leaving huge gaps, a sense of chaos and questions about where security products and services should be applied in the world of multi-vendor virtual-machine (VM) hypervisors.

Backdoored vsftpd Source Code Served from Official Site

Unidentified attackers have managed to backdoor the official vsftpd source package prompting the project's administrator to issue an alert and switch hosting providers.

Vsftpd is a popular FTP daemon used by some important open source projects. It is developed and maintained by reputed vulnerability researcher Chris Evans. "Earlier today, I was alerted that a vsftpd download from the master site (vsftpd-2.3.4.tar.gz) appeared to contain a backdoor," Evans announced on his blog on Sunday.

Chrome OS has security flaws, claims researcher

Google may see its Chrome operating system as more secure than traditional alternatives, but one security researcher believes the cloud-based OS is vulnerable, according to a Reuters story published yesterday.

WhiteHat Security researcher Matt Johansen said he found a flaw in a Chrome OS application that he was able to exploit to gain control of a Google e-mail account. Though Google fixed the flaw after it was reported, Johansen claims to have discovered other applications with the same flaw, Reuters said.

Microsoft uncovers scary virus

Software giant Microsoft has found a rootkit which is so nasty you will have to re-install your operating system to get rid of it.

The Trojan "Popureb" digs so deeply into the system that not even the finest Volish spinners can dig it out. The only way to deal with it is to return Windows to its out-of-the-box configuration.