Week in review: Exploitable PDF feature, Google phishing detection and Facebook privacy changes

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

90% of critical Windows 7 vulnerabilities are mitigated by eliminating admin rights
The results demonstrate that as companies migrate to Windows 7 they’ll need to implement a desktop Privileged Identity Management solution.

Facebook to share your data with “pre-approved” third-party sites?
Facebook released a plan to revise its privacy policy again. Among the features they propose to incorporate is one that includes sharing your “General information” with third-party websites that they pre-approve.

Microsoft releases out-of-cycle IE security patch
Microsoft released a cumulative security update which resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.

There is no such thing as Facebook AV
A rogue application claiming to be a Facebook AV has been spreading through the Friends list of its targets.

Q&A: Remote access and Entrust IdentityGuard
Mike Moir is a Product Manager for the Entrust IdentityGuard solution – an authentication platform that meets diverse needs for strong second factor authentication. In this interview he tackles issues related to remote access and talks about Entrust IdentityGuard.

What’s your SEO poison?
In the last year, attackers have poisoned search results on everything from celebrity news to Google Wave invitations. But what makes these attacks such a success?

A closer look at Steganos Safe
Steganos Safe creates a password-protected virtual safe, shreds unwanted files permanently, deep cleans the free space on your hard and external drives and blocks unauthorized access to e-mails with one-click encryption.

Researcher exploits PDF file without using a vulnerability
Didier Stevens, security researcher and expert on malicious PDF files, has succeeded in creating a proof-of-concept PDF file that uses the launch action triggered by the opening of the file to execute the embedded malicious executable.

Unlike popular belief, short links on Twitter aren’t malicious
Twitter, and the URL shorteners it has helped to popularize, have long been blamed for leading users to malicious sites. But, as it turns out, this is far from true.

Cloud computing security: An insider’s view
In this video, Randy Barr, CSO of Qualys, talks about cloud computing security from an insider’s point of view. He illustrates what a security professional has to go through when building a security program for a cloud environment.

Swiss privacy: Myth or reality?
How is privacy impacting Swiss banks? It’s time for a change, according to Dr. David Costa, Professor at Robert Kennedy College, who comments on Bloomberg TV.

Stalker jailed for planting child porn on a computer
An elaborate scheme to get the husband of a co-worker he was obsessed with locked up in jail backfired on Ilkka Karttunen, a 48-year-old from Essex.

1,800 Office bugs discovered by Microsoft’s “fuzzing botnet”
Microsoft used its own idling PCs in every part of the company, connected them all into one “botnet” and threw a massive amount of invalid, unexpected and random data at Office 2010 to test its code.

Silent auto-patching for Flash plug-in within Chrome
Adobe and Google announced a partnership that will see Google’s Chrome browser installing and automatically updating Adobe’s Flash Player.

How to detect a phishing site, the Google way
Google analyzes millions of pages per day when searching for phishing behavior. This kind of activity is, of course, not done by people but by computers. The computers are programmed to look for certain things that will identify the page as a phishing site.

Advice on securing Web applications
In this podcast, Cenzic’s Mandeep Khera advises on the steps companies should take in their quest for security and remarks on the continuous nature of the process of securing Web applications. He also enumerates the various resources, organizations and offerings that can help them get started.

Global response to Conficker threat: Model for future cyber threat response?
The Conficker Working Group proved to everybody that security researchers and Internet infrastructure providers around the world, working for many different companies, can work together towards a common goal.
