Enabling Secure Business Operations

CAPICOM Vulnerability

May 9th, 2007

Just got word that one of yesterday’s Patch Tuesday flaws was a critical vulnerability in CAPICOM. We have been big CAPICOM advocates as it enables IE to do some great PKI stuff, and now it is time to get it patched.

We’re going to be alerting customers as soon as we get good lists of who is using it, but in the meantime, check out the link above and update yourself if you think you might have installed CAPICOM or used a website that uses it.

Preventing Bank Phishing with a Dot

May 8th, 2007

An interesting idea [via Slashdot].

Hypponen thinks banks should have exclusive use of a new top-level domain: .bank. ‘Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn’t be just a few dollars: it could be something like $50,000 — making it prohibitively expensive to most copycats.’

Banking is definitely a sector in which age and experience go a long way. The problem is how to define what makes a bank legitimate (especially internationally) – and what happens if someone gets a hold of a .bank domain name.

Let’s hope that people don’t confuse .bank with /bank – though most current browsers are getting better at this sort of thing.
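To make the .bank versus /bank distinction concrete, here is an added example (not from the original post or from Hypponen's proposal) that reports whether "bank" is really the top-level domain of a URL's host or only appears in a place a reader might mistake for it. The function name `classify` and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: "bank" is the restricted top-level domain proposed in the quote.
RESTRICTED_TLD = "bank"


def classify(url: str) -> str:
    """Return 'tld', 'lookalike' or 'none' for where 'bank' sits in a URL."""
    parts = urlsplit(url)
    # hostname excludes userinfo and port; drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".") if host else []

    # Only the right-most label of the host is the top-level domain.
    if len(labels) >= 2 and labels[-1] == RESTRICTED_TLD:
        return "tld"

    # Places where "bank" can appear and be misread as the domain:
    # a subdomain label, the userinfo before '@', the path or the query.
    elsewhere = [*labels[:-1], parts.username or "", parts.path, parts.query]
    if any(RESTRICTED_TLD in piece.lower() for piece in elsewhere):
        return "lookalike"
    return "none"


# Constructed sample URLs (reserved example names, not real sites).
SAMPLES = [
    "https://example.bank/login",             # real .bank host
    "https://example.com/bank",               # /bank is only a path
    "https://bank.example.com/",              # bank is a subdomain
    "https://example.bank.evil.example/",     # .bank buried mid-host
    "https://example.bank@evil.example/",     # .bank is userinfo, not host
    "https://example.org/about",              # no mention at all
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```
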

Seeing Through Walls

May 4th, 2007

This attack is very cool [via Schneier on Security].

With a flat panel display the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor. The on-screen image is fed through the cable one pixel at a time. Because they come through in order you just have to stack them up. And Kuhn has worked out how to decode the colour of each pixel from its particular wave form.

Here is an image that was taken using this method:

In case you’re wondering, laptops are not immune either.

I like this potential information stealing method because it goes for a very weak component of the system much like keystroke loggers do.

It’s the computer way of kicking a mugger in the groin, using caltrops to stop car chases, or feeding sharks before swimming with them so they don’t eat you.