Staff Writers's blog

Australian information security companies Stratsec and SIFT have merged.

The new company employs a total of 65 people, with no staff being made redundant from either SIFT or Stratsec during the merger. The new company will retain the stratsec name and recruit 4-5 new staff immediately with a view to further expansion later this year, according to the new company's CTO and SIFT founder Nick Ellsmore.

Microsoft's senior security strategist, Steve Riley, has been made redundant.

After more than 10 years working for Microsoft, Riley fell the victim to a restructuring program last Tuesday. "As a part of Microsoft’s second round of restructuring, my position was eliminated yesterday and my employment with Microsoft has ended," Riley wrote on his blog. "I'm certainly not disappearing... I'll remain involved in the security industry."

Introducing Kon-boot, a new tool that allows users to bypass password authentication on Linux and Windows machines by altering the kernel on the fly.

It's just another way to get full privileges once you have physical access, but it looks nice and simple and even supports Windows 7 for Chrissakes!

It's free and you can get it here.

The maintainers of the Debian Linux distribution have added support for a FreeBSD kernel.

The move seems to be an attempt to offer the BSD kernel within the Debian Linux userland environment. Users who install Debian's FreeBSD kernel will be able to use the BSD packet filter, pf, as well as other BSD-specific security features like jails.

Microsoft has warned customers of the "severe" threat posed by an as yet unpatched PowerPoint vulnerability.

The vulnerability affects versions of PowerPoint running on Windows and Apple OS X, security-vendor McAfee has reported.

The stark warning came this morning as Microsoft posted a security advisory and new entry on its Malware Protection Centre website.

The team behind DroneBL, which monitors abusable IPs, claims to have uncovered a botnet comprised of hacked consumer-grade routers.

The group claims the botnet has been targeting DroneBL's servers in a denial-of-service campaign for several weeks and is the first of its kind. It uses brute-force password cracking attempts to hijack any Linux mipsel routing device that uses insecure or common username and password pairs.