Archive for April, 2009

First our electrical grid, now the JSF?

We’ve heard about the US electrical grid being compromised, possibly by Chinese hackers, and now the Wall Street Journal is reporting that the Joint Strike Fighter project has been compromised as well. The report says that several gigabytes worth of data were copied off the network. The data was encrypted before it was taken, so security experts are not sure what was stolen. The lack of security in SCADA systems is one thing, but how do you explain this happening on a large DoD-funded project?

Read the full article here: http://online.wsj.com/article/SB124027491029837401.html

Token Kidnapping: 600k test scenarios!

Microsoft has recently released a fix to address the token kidnapping privilege escalation vulnerability, which was discovered in March 2008. Microsoft released an advisory in April 2008 instructing users how to protect themselves. At the time Microsoft did not fix the root of the problem because it involved a low-level design flaw in Windows XP and Server 2003 (the vulnerability did not exist in Vista and Server 2008).

However, with this month’s Patch Tuesday Microsoft has released a fix that corrects the root cause of the token kidnapping bug. This was major work, and it was released outside of a Service Pack, which is the usual vehicle for fixes of this magnitude. The fix was so large that it involved hundreds of Microsoft programmers across several teams, and more than 600,000 test scenarios were run to ensure existing applications would not be affected.

You can read more about the vulnerability and the process Microsoft went through to resolve it here: http://blogs.technet.com/msrc/archive/2009/04/14/token-kidnapping.aspx

eDiscovery and documentation

I attended a recent eDiscovery seminar. I wanted to poll the audience and get your thoughts on this subject. I was advised that you should not document your forensics process (criminal matters) because it then becomes discoverable and could be used against you in a court of law. Example: let’s assume you have a documented forensics process that spells out that you always have a cup of decaf coffee before examining a suspect’s machine. If you begin examining a suspect’s machine and forget to have that cup of decaf coffee, you’ve now opened a gaping hole for the defense to use against you. Say goodbye to your credibility; you are an expert witness no more.

On the other hand, you must have a documented eDiscovery process (civil litigation). eDiscovery requires that your process be defensible and repeatable. You will need to be able to reproduce your eDiscovery process if called upon. However, there are no stipulations on how granular your process documentation must be. I would not recommend spelling out so many steps in your process that it leaves you open to scrutiny. A generally broad eDiscovery process or flow that is published should suffice.

Please share your views below.