In a posting on its Code blog, Google has announced that in order to help protect users' data it is to start requiring the use of SSL security in a broader range range of products than at present. In particular, increased support for SSL will be added to the Google APIs for use by developers of third party applications. Currently, SSL is already used by Google's technical documentation, client libraries and code sample, but in future, "Many new APIs and versions will be SSL only."

Users are likely to be familiar with the use of SSL in Gmail, and addition last year of optionally using SSL when performing a Google search. In future, all API requests for Google Documents List, Google Spreadsheets and Google Sites will have to use secure connections. From 15 September 2011, all such requests will be rejected if they use standard HTTP rather than HTTPS. Developers using the latest versions of the Google Data client libraries will need take no further action, as those libraries use SSL for all API requests. But developers not using the Google libraries will need to change all relevant URLs.

Google suggests that developers convert all their client applications as soon as possible, and refers them to the relevant documentation, in particular, the recently updated API documentation for Google Documents List, Google Spreadsheets and Google Sites .

Source: H-Online.com

The fundamental problem of private communication is ensuring its security.

That's always been a tricky task but in recent years, cryptographers have added a powerful new weapon to their armoury: quantum key distribution. With this tool, it is possible to use the bizarre properties of the quantum world to send a message in such a way that guarantees its security.

The security of this system is a fact of nature. In the language of cryptography, quantum key distribution it is information-theoretically secure.

The second day of the Pwn2Own competition, organised by the Zero Day Initiative (ZDI) team at security researchers TippingPoint, was devoted to iPhone and BlackBerry. Charlie Miller exploited a vulnerability in the mobile version of the Safari web browser on iOS 4.2.1 to delete the address book when a manipulative website was visited. However, the first attempt failed when the browser merely crashed. But the second attempt succeeded and earned Mr Miller $15,000 and an iPhone. Miller had help from Dion Blazakis.

To get around data execution prevention (DEP) on the iPhone, Miller used Return-Oriented Programming (ROP), in which no code is placed on the stack; instead, addresses that call existing code fragments are. Miller says his exploit does not, however, work on the recently published iOS version 4.3, where Apple has implemented Address Space Layout Randomization (ASLR) for the first time. Libraries are now loaded to random addresses, thereby preventing ROP from working without further work. However, the vulnerability that Miller exploits remains in iOS 4.3.

Another DDoS (Distributed Denial of Service) attack has been mounted by the internet activist group Anonymous. Since around late afternoon GMT on Wednesday 9 March, the site of Broadcast Music Incorporated, (www.bmi.com), a performing rights society in the USA, has been difficult to access. At the time of writing, Thursday morning GMT, the site is again inaccessible. Broadcast Music Incorporated is a not-for-proft corporation which collects licence fees on behalf of music publishers, composers and songwriters, distributing the resulting funds as royalties.

The BMI had posted an announcement on their site which explained that the site was subject to an attack which had only restricted external access to the site, and that the company had not been subject to any breach of security; no data had been accessed. The company pointed the finger at the activist group, stating that it believed the motive was "part of their misguided campaign to attack creative rights. The group has launched attacks on other agencies around the world representing creators in the past."