Week in review: Ubuntu security, first iPhone worm, social engineering in practice

Here is an overview of some of last week’s most interesting news, interviews and articles:

Ask the social engineer: Practice
One reader wrote in asking: “How can one practice social engineering before using it in the wild?” Answering is Chris Hadnagy, the lead social engineer and developer of the social engineering framework.

Record levels of spam, malware and Web-based threats
The number of new file-sharing sites hosting unauthorized, copyrighted content skyrocketed over the last three months, and spam, malware and Web-based threat creation has reached record levels in the last quarter.

Woman fired as a result of error in FBI criminal database
A senior accountant with Corporate Mailing Services felt the full brunt of a mistake in the FBI’s criminal database when she was fired from her job and given only a few minutes to clear her desk and leave.

Global security best practices
The latest Microsoft Security Intelligence Report shares security best practices from countries that have consistently exhibited low malware infection.

Facebook spamming practices revealed
Dennis Yu, the CEO of BlitzLocal – an advertising agency that used to be “in the business of spam” – shares his thoughts and knowledge about Facebook spamming and advertising.

Top causes of identity fraud
According to 2008 claim data compiled by Travelers, burglary and theft of wallets, purses and personal computers provide thieves the best opportunity to gain access to personal information.

What information security might look like in a decade
Esther Dyson, a former chair of the Electronic Frontier Foundation and the ICANN, and a long-time successful investor in IT start-ups, shares her predictions about the future evolution of information technology.

Hardware hacker charged with aiding computer intrusion and wire fraud
Ryan Harris, aka DerEngel, a hardware hacker/modder and author of a book on hacking cable modems, has been charged with conspiracy, aiding and abetting computer intrusion and wire fraud.

Hacked iPhones held hostage
Dutch T-Mobile customers who use jailbroken iPhones got a nasty surprise yesterday. A “message” popped up on their screens claiming that their iPhone had been hacked and instructing them to visit doiop.com/iHacked and secure their iPhones.

Windows 7 vulnerable to most viruses
Windows 7 was touted as a big improvement on Vista, security aspect included. The Sophos team tested that assertion.

Backdoor access for millions of Facebook and MySpace accounts
Yvo Schaap, a young Dutch application developer on Facebook, stumbled on a back door into any user account that accesses the application he’s working on.

Major vulnerability in SSL authentication
PhoneFactor experts discovered a serious vulnerability in SSL that allows an attacker to mount a man-in-the-middle attack, and affects the majority of SSL-protected servers on the Internet.

Q&A: Ubuntu 9.10 security
Kees Cook and Gerry Carr of Canonical discuss the security improvements in Ubuntu 9.10, the security challenges the Ubuntu team faces as well as what the latest version of Ubuntu offers to the developer community.

Battle of the anti-virus: What is the best software?
AV-Comparatives.org recently released the results of malware removal/cleaning capabilities tests with which they evaluated 16 anti-virus software solutions. Here are the results.

First iPhone worm discovered
Sophos reports that some Apple iPhone owners in Australia have seen their smartphones get infected by a worm that is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH.
