Week in review: DDoS Trojan, PCI 2.0 and Android kernel security flaws

Waterfall Security: Trust issues with your firewalls? Eliminating vulnerabilities that accompany firewalls is a click away.

Here’s an overview of some of last week’s most interesting news, interviews, articles and reviews:

Facebook discovers and “punishes” UID-selling developers
The recent discovery that some Facebook application were inadvertently forwarding users’ UIDs to advertising agencies and data collection companies has spurred the social network to investigate the matter thoroughly and to try to think of a platform-wide solution that would prevent that from happening ever again.

Spying app kicked out of Android Market
Secret SMS Replicator, a spying application that forwards contents of a user’s text messages to the phone of the person who installed it in the first place, has been booted out of the Android Market.

New DDoS Trojan used for downing dissident sites
A new DDoS Trojan connected with a slew of attacks against Vietnamese blogs has been discovered by SecureWorks.

Fixing weak passwords
Passwords have been present in information technology since the earliest days, but it’s only in the last five years that computers have become powerful enough to crack common passwords in a sensible time-frame.

No big bang in PCI 2.0
As expected, PCI 2.0 rolls up a number of minor changes, but there really is no Big Bang in this document. A number of people have been disappointed by this since for the past 2 years expectations have been built up that version 2.0 would “cure all ills’.

Dissecting the Hack: The F0rb1dd3n Network (Revised Edition)
Part fiction, part reference manual, its target audience are people who want to or should know more about information security, but can’t keep their attention onto the subject for long enough to learn or can’t translate technical details into a believable, realistic scenario.

Smart grid security facts
Tony Flick has worked for over eight years in the security industry and is currently a Principal with Tampa-based FYRM Associates. In this interview he discusses smart grid security and the related challenges as well as his book – Securing the Smart Grid.

Android kernel riddled with high-risk security flaws
A shocking number of high-risk security flaws in Google’s Android smartphone OS have recently been discovered by security firm Coverity.

Perverted Facebook hacker targeted women
The recent arrest of a 23-year-old California man that has allegedly hacked e-mail accounts of more than 170 women and posted sexually explicit pictures found within them to the victims’ Facebook accounts, has highlighted the need to limit the amount of personal information posted on various social networks.

Popular online services graded on SSL implementation
It seems that Firesheep has succeeded where similar tools have failed in the past: the issue of full end-to-end encryption for all websites – especially the most popular ones – is finally getting the attention it deserves.

Hole in iPhone PayPal app allows account hijacking
The flaw doesn’t affect the PayPal site or the company’s Android application, but the 4+ million people who downloaded the iPhone application so far are in danger of getting their passwords intercepted by a hacker if they connect over unsecured Wi-Fi networks.

New IE 0-day exploit code found in the wild
This malicious code has been found on a single website, which has since then been taken down.

Sextortionist hacker caught by FBI
This has not been a good week for perverts on the Internet.

A closer look at Sophos Anti-Virus for Mac Home Edition
The Home Edition of Sophos’ Anti-Virus for Mac is a full-featured and free anti-virus solution for home users. It stops, quarantines and cleans up threats that try to infect your computer. It detects both Mac and Windows malware.

Myanmar cut off the Internet ahead of elections
The Southeast Asian country of Myanmar (formerly known as Burma) has been practically cut off the Internet as an extensive DDoS attack that started in late October has crippled most network traffic in and out of the country.

ZeuS attackers set up honeypot for researchers
Every criminal that wants to keep being successful must know his opponents and hide details of his actions well, so it is no wonder that online criminals are resorting to planting honeypots and fake information for security researchers and competitors to find.

New variant of Boonana Trojan discovered
With a quick glance, Boonana may look like a variant of Koobface, but it has been confirmed that is a new unique piece of malware which does not share a common code-base with it.