InfoSec links October 20, 2014

Finding a Video Poker Bug Made These Guys Rich -- Then Vegas Made Them Pay - Kevin Poulsen - WIRED

Williams could see that Kane was wielding none of the array of cheating devices that casinos had confiscated from grifters over the years. He wasn't jamming a light wand in the machine's hopper or zapping the Game King with an electro­magnetic pulse. He was simply pressing the buttons. But he was winning far too much, too fast, to be relying on luck alone.

Signed Malware = Expensive "Oops" for HP - Brian Krebs - Krebs on Security

Earlier this week, HP quietly produced several client advisories stating that on Oct. 21, 2014 it plans to revoke a digital certificate the company previously used to cryptographically sign software components that ship with many of its older products. HP said it was taking this step out of an abundance of caution because it discovered that the certificate had mistakenly been used to sign malicious software way back in May 2010.

Everything you need to know about the POODLE SSL bug - Troy Hunt - troyhunt.com

Which brings us to POODLE. Whilst I doubt we’ll see the same mass hysteria as we did last month, it is (and will continue) hitting the news and like the other two biggies this year, it’s serious enough to warrant attention and obscure enough to result in wild speculation and a general misunderstanding of the underlying risk. Let me share what I know based on the questions I’m hearing.