RSS Alerts

Share

More services

Related Links

Related Stories

  • Cracked USB drives show NIST certification is not so secure
    Vendors of encrypted USB drives are recalling their NIST-certified products and issuing security updates after a fundamental flaw was found in the way that information is accessed. The flaw enables attackers to access encrypted data without trying to tackle the AES256 encryption algorithm used by the drives.
  • iPhone banking trojan creates botnet from Apple devices
    A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan.
  • Facebook moves to save face on T&Cs
    Social networking giant Facebook has back-tracked on a controversial decision to retain users' information, even when they close their accounts.
  • American confidence in web surfing not matched by security measures
    A majority of Americans believe they are safe using their home computers to surf the web, yet only one-third of those surveyed had robust security installed on their home PCs, according to a survey by the National Cyber Security Alliance (NCSA) and Norton by Symantec.
  • What’s in store for 2010?
    The Noughties are behind us now, but memories of a decade of data breaches will continue to haunt the infosec professional. If only there was a way of knowing what the threat landscape would look like in the months to come. Well you’re in luck as Davey Winder has dusted off the crystal ball and spoken to a broad church of infosec professionals to get some informed predictions for 2010

Top 5 Stories

News

Weekly Brief, March 8, 2010

08 March 2010

Infosecurity US rounds up the significant events from the last week.

The big news event last week, of course, was the RSA conference. Newly appointed government cyber czar Howard Schmidt said that cyber war doesn't exist, which will comfort all the private sector organizations – including McAfee, whose executives sat on the CSIS advisory panel for cybersecurity – who think that it does.

Talking of cyber warfare, a pair of researchers with TippingPoint created a weather application for jail broken mobile phones that co-opted them to a botnet, and collected 8000 iPhones and Android phones as part of their infection process. This is a particularly significant event, given that the recent cyber warfare simulation conducted by the Bipartisan Policy Center used a similar scenario as the basis for an attack.

Unfortunately, botnets created by security researchers were not the only ones to be unveiled at the RSA conference. BlackEnergy 2, a Russian banking trojan, was unmasked by the ever-insightful Joe Stewart, security researcher at Atlanta-based SecureWorks. The trojan developed out of the original BlackEnergy, which he said was involved in the cyber attacks against Georgia during the conflict with Russia.

As one new botnet thrived, another bit the dust this week. Mariposa (which means butterfly in Spanish), was dismantled, stopping its controllers from stealing bank and password and conducting other nefarious online activities. Spanish authorities have arrested three men accused of controlling the botnet's 12.7 million PCs.

Not content with appointing a new senator, the State of Massachusetts also added a new data privacy law. 201 CMR 17 went into effect on March 1, and stipulated preventative measures, rather than focusing on data breach disclosure after the fact.

Blogs and news outlets are suggesting that in 2004, Facebook CEO and anti-privacy urchin Mark Zuckerberg hacked into the email accounts of two journalists using data obtained from Facebook's logs.

Here's a new approach to destroying evidence: according to excellent crime and punishment blog The Smoking Gun, a New York City man swallowed a flash drive while in the custody of Secret Service agents during a federal raid. After failing to pass the offending item for four days, he was somewhat ironically charged with obstruction of justice. It's certainly a novel way to bung up the judicial system.

What is it with USB devices and security this week? US-CERT issued an advisory warning that the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.

12 000 patients had their personal information exposed after a former employee of the University of Texas Southwestern Medical Center was found in possession of patient billing data.

Oh, the irony – according to a study from wireless security company Motorola AirDefense, 116 wireless clients were found to be associated with 315 ad hoc networks. Ad hoc networks, which you'll often find with names such as "Free Public WiFi", are client-to-client networks, rather than wireless access points, and they represent a security risk if a malicious client wants to pose as a legitimate network. Most networks using encryption were also vulnerable to attack. Almost two-thirds were using the now defunct WEP security standard. 

This article is featured in:
Data Loss  • Encryption • Internet and Network Security • IT Forensics • Malware and Hardware Security • Public Sector  • Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012