Week in review: Zbot Trojan arrests, 0-day Firefox vulnerabilities and new (IN)SECURE Mag

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Most security products fail to perform
Nearly 80 percent of security products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving certification, according to a new ICSA Labs report.

(IN)SECURE Magazine issue 23 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 23 has been released on Monday.

First Windows 7 zero-day bug confirmed by Microsoft
The first Windows 7 vulnerability has been confirmed by Microsoft – a denial of service vulnerability in the Server Message Block (SMB) protocol that sends Windows 7 and Windows Server 2008 R2 into infinite loop and crashes it.

Raising security awareness in India
Securitybyte & OWASP AppSec Asia Conference 2009, India’s largest security conference, opened its doors on Tuesday. The conference, gathering many security experts and around 400 visitors, is scheduled to last 4 days.

Improved DNS security for .com and .net domains
Verisign, the company that manages the .com and .net registries, announced yesterday that it plans to start testing the DNSSEC soon and to finish deploying it across those two domains by 2011.

Best practices for DNS security
Securing the DNS must be a priority because it is so central to the proper functioning of every IP network. Most of the essential groundwork should be covered with standard IT processes for securing critical systems. The rest is simple due diligence.

Firefox 3.6 to prevent harmful add-ons
Version 3.6 of the Firefox browser will have a new feature called Component Directory Lockdown that prevents third-party applications to store their own code into the “components” directory, where most of Firefox’s own code is stored.

Data-stealing malware soars
From phony emails to Facebook phishers, cybercriminals are casting a wide net to lure online shoppers this season.

Gumblar is back with a vengeance
29% of all Web malware blocks in October 2009 were the result of Gumblar, which installs traffic sniffers and backdoors on Web surfers’ PCs and then uses stolen FTP credentials to compromise and backdoor websites.

Two arrested for Zbot Trojan
Officers from the Metropolitan Police’s Central e-Crime Unit have made Europe’s first arrests in the battle against the ZeuS or Zbot Trojan which threatened to compromise thousands of computers.

Q&A: Wireshark
Gerald Combs is the lead developer of Wireshark. In this interview, he discusses Wireshark in detail, with history details and features to what we can expect in the future.

Are 64-bit Windows inherently safer?
Microsoft has discovered a way to create the illusion that Windows 7 is more secure than its predecessors simply because it has a 64-bit version of the OS.
Alfred Huger, vice president of engineering at Immunet begs to differ.

Poisoned Google search results
Cyveillance reports that the latest emerging threat to the security of Internet users combines Google search with sites with un-updated software, such as often happens with blogs.

Zero-day vulnerabilities in Firefox extensions discovered
One of the reasons behind Firefox’s popularity is the availability of a vast library of extensions. The problem is, unbeknown to them, these extensions are exposing them to risk.

Don't miss