Week in review: Firesheep countermeasure tool, Facebook bug and Barracuda bug bounty program

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Firesheep countermeasure tool BlackSheep
Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network.

Mismanaged data encryption causes financial loss
Venafi invited the 150-plus survey participants from the world’s largest companies to give their views on the problem of downtime caused by increasing encryption deployments, coupled with an acute lack of enterprise management controls.

Royal Navy site hack forces MoD to suspend website
A Romanian hacker known as ‘TinKode’ has claimed to have broken into the main British Royal Navy website, www.royalnavy.mod.uk, and posted sensitive information such as usernames and administrator passwords.

Microsoft offers Security Essentials via Windows Update, Trend Micro objects
Trend Micro is crying foul over the latest Microsoft move that sees its U.S. customers being offered to install the company’s free Security Essentials solution through the Windows’ Update service – if no antivirus solution is detected on the system.

Employees will take bigger risks during this holiday season
Employees in the US plan to spend less time shopping online from a work-supplied computer this holiday season than they did a year ago, but more of them are engaging in risky online behavior, according to an ISACA survey.

Data breaches cost hospitals billions
Data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected, according to a study by the Ponemon Institute.

Latest IE 0-day exploit finds its way into Eleonore toolkit
Microsoft will likely be forced to issue an out-of-band-patch for the zero-day vulnerability affecting Internet Explorer that has been discovered being exploited in the wild less than a week ago.

Man loses millions in computer virus-related scam
A US court has heard that a couple conned at least $6 million from the great-grandson of an oil industry tycoon after he brought his virus-infected computer in for repair.

A viable answer to the botnet problem?
As the recent case of the Bredolab botnet takedown has shown yet again, going after C&Cs is ultimately a failed tactic for shutting botnets down. Obviously, it is time to try something new, and two security researchers from Miami might be on the right track.

Seven Deadliest Network Attacks
Part of Syngress’ “The Seven Deadliest Attack Series”, this book introduces the reader to the anatomy of attacks aimed at networks: DoS, MiTM, war dialing, penetration testing, protocol tunneling, password replay and spanning tree attacks.

Hotmail gets full-session HTTPS
Firesheep’s developers can be satisfied. Not only has Microsoft started contemplating SSL for Bing but has also provided its Hotmail users with the option of using HTTPS throughout their sessions.

Security vendor launches bug bounty
Barracuda Networks announced their Security Bug Bounty Program, an initiative that rewards researchers who identify and report security vulnerabilities in the company’s security product line.

A closer look at NetShade for Mac
NetShade makes your presence on the web anonymous by routing your connection through a proxy server and acting as the middle-man in your connection. The proxy server is the only one making connections to the sites you visit, and only the proxy’s IP address is seen by those sites.

Targeted attacks focus on nationalistic and economic cyberterrorism
When it comes to dangerous Web threats, the only constant is change and gone are the days of predictable attack vectors. Instead, modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more.

Facebook bug compromises top pages
A customer of Sendible, an online marketing service for promoting and tracking brands through the use of social media, e-mail and SMS messaging, has inadvertently discovered a flaw in Facebook API.

Security concerns make 1 in 3 users avoid online banking
1 in 3 people don’t use online banking because they’re concerned with safety and almost 50 percent are at least wary of online banking. That leaves just 20 percent of those surveyed with a confident approach to accessing financial accounts using the Internet.

Facebook “love button” app links to malware
If you spot a Facebook post or a message that advertises an application that will let you “unlock” a “love” (<3) button if you run it - don't do it. If you do, you will be actually running a malicious Java applet that downloads a password-stealing Trojan. Palin e-mail hacker sentenced
After a number of delays, former University of Tennessee student David Kernel has finally received his sentence for compromising Sarah Palin’s Yahoo! e-mail account back in 2008.




Share this