Password life expectancy down to seconds | ZDNet: "Deloitte touched on some of the same issues that Forrester analyst Eve Maler called out last week in her report on passwords, the fact that end-users, unfairly, bear the burden of onerous password creation rules. Maler argued that passwords are not going away and that companies need to come up with better strategies for managing passwords and password policies. Deloitte offered its own solutions, including multi-factor authentication that incorporates tokens, biometrics, and out-of-band authentication such as messages sent to a mobile phone. Deloitte also recommended best practices such as security policies and monitoring as ways to protect passwords. . . ."
VXers exploit users' confusion over Java to punt fake update • The Register: ". . . ads for a Java exploit that supposedly attacks a brand-new vulnerability were offered for sale through an underground hacking forum at $5,000 a pop. The ad has since been pulled. Although the claim from cybercrooks that they have discovered yet another unpatched Java security hole remains unsubstantiated, the potential threat is all too credible. Metasploit founder HD Moore reckons that Oracle is sitting on a backlog of Java flaws that will take up to two years to patch, even without the appearance of further problems. . . ."