…gleaned from Pundit Kitchen:
Every ecology has its parasites. Every ecology has its blood-sucking parasites. It’s only natural. There’s no point in being angry. Just as a parasite fools the immune-system defences of an organism, the “Cookie Monster” fools a system into giving up its authentication cookies. Sigh.
Websites used for email, banking, e-commerce and other sensitive applications just got even less secure with the release of a new tool that siphons users’ authentication credentials – even when they’re sent through supposedly secure channels.
Dubbed CookieMonster, the toolkit is used in a variety of man-in-the-middle scenarios to trick a victim’s browser into turning over the authentication cookies used to gain access to user account sections of a website. Unlike an attack method known as sidejacking, it works with vulnerable websites even when a user’s browsing session is encrypted from start to finish using the secure sockets layer (SSL) protocol.
According to Mike Perry, the creator of CookieMonster, websites that appear to be vulnerable to the attack include united.com, bankofamerica.com, register.com, netflix.com, and a host of other big-name online destinations. Errata Security’s Rob Graham, who introduced Sidejacking tools a little more than a year ago, says Gmail is not vulnerable as long as a recently implemented https-only option is turned on. But Google Docs, Google’s Blogger.com and Google Finance remain wide open.
The vulnerability stems from website developers’ failure to designate authentication cookies as secure….
…To find out if your bank is susceptible, clear all cookies and then log in to the site. Next, clear all cookies marked as “SECURE” (in Firefox, go to preferences > privacy > show cookies. Delete only the cookies marked as “Encrypted connections only”). Then visit the site again. If you’re logged in, there’s a strong chance the site is wide open.
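The same check can be run against the Set-Cookie headers a site returns at login, instead of deleting cookies by hand. The Python below is an added example, not part of the quoted article or of the CookieMonster tool; the header values and function names are constructed for illustration, and Domain/Path matching is ignored for simplicity.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# The header values below are constructed sample data, not from a real site.

SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "auth=secure-looking-value; Path=/; Secure; HttpOnly",
    "prefs=lang%3Den; Expires=Wed, 21 Oct 2009 07:28:00 GMT; Path=/",
    "csrf=9f8e7d; path=/; SECURE",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        # Attribute names are case-insensitive; flags such as Secure have no value.
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit(headers):
    """Return {cookie_name: has_secure_flag} for each Set-Cookie header."""
    result = {}
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        # Only the attribute counts; "secure" inside the cookie value does not.
        result[name] = "secure" in attrs
    return result


def sent_over_plain_http(headers):
    """Names of cookies a browser would attach to an http:// request."""
    return sorted(name for name, secure in audit(headers).items() if not secure)


if __name__ == "__main__":
    for name, secure in audit(SAMPLE_HEADERS).items():
        status = "Secure" if secure else "NOT Secure (also sent over http)"
        print(f"{name:10} {status}")
```

If a cookie reported as not Secure is the one that keeps the session logged in, it is the kind of cookie the article says can be captured even when the rest of the session uses SSL.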
Every once in a while I run across an article about tardigrades and how unusual, tiny, cute, and common they are. Usually the article is accompanied by a 3D-looking image of a tardigrade. The poor little thing has been freeze-dried and scanned by an electron beam. Here’s an image of living tardigrades. And here are some resources about tardigrades.
A tiny electrical leak between components has caused some damage to the Large Hadron Collider. It will be off for a couple of months while its components are allowed to warm up and then are repaired. The story is at Live Science. “CERN announced Thursday [the 18th] that it had shut down the collider last week.”
Experts have gone into the 17-mile (27-kilometer) circular tunnel housing the Large Hadron Collider under the Swiss-French border to examine the damage that halted operations about 36 hours after its Sept. 10 startup, said James Gillies, spokesman for CERN, the European Organization for Nuclear Research.
“It’s too early to say precisely what happened, but it seems to be a faulty electrical connection between two magnets that stopped superconducting, melted and led to a mechanical failure and let the helium out,” Gillies told The Associated Press.
Gillies said the sector that was damaged will have to be warmed up well above the absolute zero temperature used for operations so that repairs can be made — a time-consuming process.
Naturally, it’s not REALLY operating at absolute zero: that would really be science news!
The Microbial Life Educational Resources web site has educational resources for students and teachers of microbiology. It is maintained by Carleton University in Ottawa.
Subject areas include: