Week in review: The future of malware, iTunes phishing attack and computer “health certificates”

Here’s an overview of some of last week’s most interesting news, articles, reviews, interviews and podcasts:

XSS flaws found on three security firms’ websites
A group of white-hat hackers has discovered several XSS vulnerabilities on websites belonging to three well-known security companies and reported them to the firms so that they can be fixed as soon as possible.

How to cut costs and still remain secure
Whilst reduced spending may be good for a company’s balance sheet, data security has often been the trade-off. Let’s look at the evidence.

Seven Deadliest Wireless Technologies Attacks
This book introduces the reader to the anatomy of attacks aimed at wireless technologies and devices that use them.

Massive iTunes phishing attack
Apple’s popular iTunes platform has become a major target for hackers looking to steal credit card data from the service’s millions of users.

Fake browser updates deliver fake AV or exploit kit
Not that long ago, Microsoft was warning users about rogue AV peddlers using compromised websites and fake browser warnings to urge them to download an “upgrade”/”solution for malware protection”.

How to block Flash in Safari
I’ve been using Safari as a primary browser and, until recently, it worked perfectly. In the past six months or so, I’ve been witnessing Safari constantly hanging and crashing. What was the problem with it?

Security exercise for information infrastructure protection
In this podcast, Dr. Vangelis Ouzounis, program manager of the CIIP program at ENISA, talks about the preparations for the first pan European CIIP exercise, shares some information on how it will be conducted and about ENISA’s future plans for this and other exercises.

Cryptome hacked, founder e-mail account ransacked
Cryptome.org, the well-known whistleblowing site, was hacked and all of its content (approximately 7GB of data) was deleted by the hacker, who then left a message on the defaced home page.

Politically motivated cyber attacks
According to a new report, 53 percent of critical infrastructure providers report that their networks have experienced what they perceived as politically motivated cyber attacks.

A closer look at Knox for Mac
Knox is a Mac application that lets you create password-protected, encrypted vaults on your computer, or turn an external drive into one so that you can securely move data from one Mac to another.

A phishing e-mail to learn from
A phishing attempt that makes even people who are very good at spotting them pause for a moment and take a good look is a perfect example on which to learn.

Are computer “health certificates” the answer for the botnet problem?
Back in March, at the RSA Conference in San Francisco, Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft, proposed to the audience and to the world the idea of placing infected computers in quarantine.

Large scale study of SSL configurations
Ivan Ristic is the director of engineering at Qualys and principal author of ModSecurity, the open source web application firewall. In this podcast he talks about the Qualys SSL Labs Internet-wide SSL survey and their recent release of the raw data from the survey.

Spammers using new URL obfuscation technique
Spammers and scammers are always on the lookout for new tricks to bypass URL filters and deliver links to unsuspecting victims, and lately they have discovered that inserting the invisible “soft hyphen” (U+00AD, sometimes called the “SHY character”) into such links helps them do so: the character is not rendered unless the line happens to break at that point, so the link looks normal to the recipient while a filter matching on the literal domain string no longer finds it.
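The soft-hyphen trick described above, as an added example (not code from the original article): a constructed spam message body carries a blocklisted hostname with U+00AD inserted into it, both as the HTML entity form in the href and as the raw character in the link text. A naive substring filter misses both; decoding HTML entities and dropping Unicode format characters (category Cf, which includes the soft hyphen and zero-width characters) before matching catches them. The hostname, blocklist and message text are all made up for the example.

```python
import html
import re
import unicodedata

# Constructed sample (not from the article): a phishing-style message whose
# link has soft hyphens inserted into the domain so that a plain substring
# match for the blocklisted host fails. "&shy;" and "&#173;" are the entity
# forms of U+00AD; the link text carries the raw character.
SAMPLE_HTML = (
    '<p>Your account needs attention: '
    '<a href="http://secure-login&shy;.bad-ex&#173;ample.test/verify">'
    'http://secure-login.bad-ex\u00adample.test/verify</a></p>'
)

# Hypothetical blocklist of known-bad hosts.
BLOCKLIST = {"bad-example.test"}

# Crude URL extractor: stop at whitespace, quotes or tag delimiters.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def naive_blocked_urls(text):
    """Match blocklisted hosts against the raw text. Misses obfuscated links."""
    return [u for u in URL_RE.findall(text)
            if any(host in u for host in BLOCKLIST)]


def strip_invisible(s):
    """Decode HTML entities, then drop every Unicode format character (Cf).

    Cf covers the soft hyphen (U+00AD), zero-width space/joiner/non-joiner
    and similar characters that render as nothing but break string matching.
    """
    s = html.unescape(s)
    return "".join(ch for ch in s if unicodedata.category(ch) != "Cf")


def normalized_blocked_urls(text):
    """Match blocklisted hosts after normalizing away invisible characters."""
    cleaned = strip_invisible(text)
    return [u for u in URL_RE.findall(cleaned)
            if any(host in u for host in BLOCKLIST)]


if __name__ == "__main__":
    print("naive:     ", naive_blocked_urls(SAMPLE_HTML))
    print("normalized:", normalized_blocked_urls(SAMPLE_HTML))
```

The same normalization belongs in front of any allow/deny decision on a URL, not only in the mail filter: a browser or proxy that resolves the host will also discard the soft hyphen (IDNA mapping drops it), which is exactly why the link still works for the victim.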

Trojan overrides Firefox password-saving behavior
A curious new information-stealing Trojan that patches a core Firefox file in order to override the browser’s behavior has been discovered by Webroot researchers.

SANS London: Europe’s most extensive security training event
Terry Neal is the Director EMEA of the SANS Institute. In this interview he discusses the SANS London 2010 training event in detail. Terry introduces the courses and the instructors, and offers an overview of the event and what first-timers can expect when they attend.

Future malware will steal behavioral and relationship patterns
Whenever something of tangible value exists, there will always be those who try to steal it, says a group of international researchers who recently published a paper on future malware threats.
