Week in review: Breaking SSL, geotagging risks and the first SMS Android Trojan

Here’s an overview of some of last week’s most interesting news, articles and videos:

How to render SSL useless
In this video from OWASP AppSec Research 2010, Ivan Ristic from Qualys talks about breaking SSL.

Alleged RBS WorldPay hack ringleader extradited to the U.S.
The Register reports that he was arraigned on Friday and is facing several hacking, fraud and theft charges. He pleaded not guilty to all charges.

Colleges breach students’ sensitive information
Some universities have been known to use a student’s Social Security Number (SSN) as their student identification number, sometimes displayed on a student ID card.

India plans to raise own cyber army
Offering amnesty from prosecution for hacking activities, the Indian government hopes to attract IT experts and ethical hackers and recruit them into the national “cyber army”.

It’s time to be proactive on cybersecurity
What are the methods for building a more offensive security strategy?

Domain name registration scam halted
The FTC has permanently halted the operations of Canadian con artists who allegedly posed as domain name registrars and convinced thousands of U.S. consumers to pay bogus bills by leading them to believe they would lose their Web site addresses unless they paid.

Security B-Sides: The anti-conference
In this video, co-founder Chris Nickerson talks about the concept and history behind the event, what’s happening this year, as well as some future plans.

6 million malicious files found in the past 3 months
With approximately 55,000 new pieces of malware appearing every day, AutoRun malware and password-stealing Trojans are the top two malware threats globally.

Hippo-vomiting Anaconda scam targets Facebook users
Sophos is warning Facebook users about a virally spreading survey scam.

First SMS Android Trojan
The first SMS Trojan made specifically for smartphones running Google’s Android OS has been detected by Kaspersky, and it seems that quite a few devices have been infected already.

A closer look at MacCleanse
MacCleanse is a small application that safely erases caches, logs, cookies, histories, and more. It provides detailed information on each item it cleanses, and can even securely wipe files.

Expert’s biggest worry is foreign-backed government spying
Spying by foreign-backed governments to steal corporate information was the greatest concern identified by nearly 62 percent of those who participated in a recent survey.

Millions of ColdFusion sites need to apply patches
ProCheckUp were able to access every file, including usernames and passwords, from a server running ColdFusion. A standard web browser was used to carry out the attack; knowledge of the admin password is not needed.

Source of recent malicious malware campaigns
The Red Condor security team issued a warning of a new sophisticated email malware threat that is disguised as misdirected personal emails with executable attachments.

Geotagging risks and solutions
The ubiquitous automatic geotagging of pictures taken with smartphones and digital cameras and then posted on the Internet could prove to be a real security risk.

3,000 online banking customers robbed through targeted ZeuS attack
It took only a month to compromise some 3,000 private and business accounts with one of the largest financial institutions in the U.K., warns M86 Security in its latest white paper.



