Week in review: iPhone data harvesting, encryption key laws and security trends in 2010

Here’s an overview of some of last week’s most interesting news and articles:

Top 10 holiday threats
As the holidays bring an increase in online shopping, charitable giving and social interaction, consumers and businesses should be on guard against some common scams that occur frequently at this time of year.

Password attacks, tips and tricks
Almost a year ago, the Microsoft Malware Protection Center launched a honeypot FTP server with the intention of researching the attacks that normal users are subjected to on an everyday basis.

Bit.ly steps up security
Bit.ly, one of the most popular URL shortening services, announced it will be integrating three new security-related services by the end of the year.

Microsoft’s security patches year in review: A malware researcher’s perspective
It’s no secret that Microsoft has had the lion’s share of security vulnerabilities. Its success as a company has made it the most obvious and profitable target for malware authors for nearly twenty years now.

Espionage 2.5.4
Espionage by Tao Effect is a discreet tool that integrates seamlessly with Apple’s Finder, and its main “reason of being” is to protect individual folders and applications by encrypting their contents.

Break Microsoft BitLocker encryption
Passware created the first commercially available software to break Microsoft BitLocker hard drive encryption.

Spam ring leader fined $16 million
Lance Atkinson, the Australia-based New Zealander who has been found guilty of organizing a spam ring along with American accomplice Jody Smith, has been fined more than $16 million by the US Federal Trade Commission (FTC).

Most dangerous web domains
Africa’s Cameroon (.cm) has overthrown Hong Kong (.hk) as the Web’s riskiest domain, according to McAfee’s third annual Mapping the Mal Web report. At the opposite end, Japan (.jp) is the safest country domain.

Security concerns hinder cloud computing adoption
Concerns about the security of cloud computing environments top the list of reasons for firms not being interested in the pay-per-use hosting model of virtual servers.

Facebook privacy changes
Facebook CEO Mark Zuckerberg addressed Facebook users via an open letter and announced a few changes aimed at improving the privacy settings and allowing users more control over personal information.

Wall Street Journal website vulnerable to SQL injection
A Romanian security researcher who goes by the handle “Unu” has made public his latest conquest. He managed to gain access to databases of The Wall Street Journal using an SQL injection.

Handing your encryption key to authorities: US vs. UK law
Two years ago, a US federal judge decreed that a criminal defendant can’t be coerced into giving up the encryption key to his encrypted hard drive because that would constitute a violation of the 5th Amendment (the right not to self-incriminate). Things are very different in the UK.

Google Public DNS released
Today Google launched their own public Domain Name System (DNS) resolver called Google Public DNS that you can use as an alternative to your current DNS provider.

Security trends coming in 2010
Websense released its list of security predictions and trends anticipated for 2010. The emerging trends and predictions show an overall blending of security threats across multiple attack vectors.

iPhone data harvesting from non-jailbroken devices
Nicholas Seriot, a HES software engineer and iPhone developer and trainer, held a presentation during which he demonstrated how non-jailbroken devices can be harvested for personal data using malicious applications.
