Cisco warns that the combination of Cisco Security Manager server and the IPS Event Viewer (IEV) may allow unauthorised access to the underlying MySQL database or the IEV server.

A vulnerability has been discovered in the driver of a Ralink wireless card that can be exploited to crash the computers involved. Secunia adds that it has the potential to allow arbitrary code to be run in kernel mode.

VeriSign said it plans to buy Certicom, just three days after Research In Motion's hostile bid for the security company unraveled. VeriSign will pay US$1.67 per share, or $73 million, for Certicom, which develops an elliptic curve cryptography technology.

A security expert has managed to transfer the digital signature of one Windows program to another, without invalidating the signature. Didier Stevens, who presented the attack in his blog, exploited the fact that Microsoft's Authenticode code signing standard accepts the vulnerable MD5 hash algorithm.

ACME Security has described a way to neutralise cold boot attacks. Such attacks exploit the fact that data in the DRAM are not immediately lost when power is removed, but remain there for a period that may last from a few seconds to a minute, or even longer if cooling is in use.

We already knew that MD5 is a broken hash function. Now researchers have successfully forged MD5-signed certificates. This isn't a big deal. The research is great; it's good work, and I always like to see cryptanalytic attacks used to break real-world security systems. Making that jump is often much harder than cryptographers think.