suraj.sun writes "Major browser makers are beginning to revisit how they handle Web authentication after last month's breach that allowed a hacker to impersonate sites including Google, Yahoo, and Skype. Currently, everyone from the Tunisian government to a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices and scores of German colleges are trusted to issue digital certificates for the largest and most popular sites on the Internet."

nk497 notes the news that a group of researchers calling themselves the Microsoft-Spurned Researcher Collective (the name is a play on Microsoft's Security Response Center) have come together to protest Microsoft's perceived heavy-handedness towards researchers who disclose security flaws. Pushed into action by the reception to the flaw disclosed by Tavis Ormandy, the group has released full details and exploit code for a previously unknown Windows local privilege escalation vulnerability. The advisory for the vulnerability, which affects Windows Vista and Windows Server 2008, contains the following manifesto: "Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

dnaumov writes "FreeNAS, a popular, free NAS solution, is moving away from using FreeBSD as its underlying core OS and switching to Debian Linux. Version 0.8 of FreeNAS as well as all further releases are going to be based on Linux, while the FreeBSD-based 0.7 branch of FreeNAS is going into maintenance-only mode, according to main developer Volker Theile. A discussion about the switch, including comments from the developers, can be found on the FreeNAS SourceForge discussion forum. Some users applaud the change, which promises improved hardware compatibility, while others voice concerns regarding the future of their existing setups and lack of ZFS support in Linux."