Week in review: Online shopping safety, malware hybrids and Packet Wars

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Google Apps Script API flaw allowed attacker to impersonate Google
Details about a recently discovered and exploited vulnerability that allowed a 21-year-old Armenian hacker to harvest GMail addresses and send to their owners a message coming from a legitimate Google e-mail address are still unknown, but the vulnerability has been patched.

Malaysian hacker breached Federal Reserve and DoD contractor networks
When agents arrested Malasyian Lin Mun Poo on account of selling US$1,000 worth of stolen credit card numbers just hours after he arrived in the U.S., they probably weren’t expecting to find on his laptop more than 400,000 stolen credit and debit card account numbers.

How to choose a web vulnerability scanner
Robert Abela is a Technical Manager at Acunetix and in this interview he discusses the process of choosing a web vulnerability scanner and underlines several factors that should be taken into consideration in the decision-making process.

Are malware hybrids the next big threat?
Recent encounters with hybridized malware files have left Trend Micro researchers wondering if they have been designed that way or if they are just an undesirable side effect lurking from heavily infected systems.

How to stay safe while shopping online
While shoppers are looking for the hottest deals from online retailers to kick off their holiday shopping, cybercriminals are also looking to “score big” – by stealing shoppers’ personal and financial information.

Bruce Schneier on cyberwar and cybercrime
In this video, Bruce Schneier examined the future of cyberwar and cyber security. He explored the current debate on the threat of cyber war, asking whether or not the threat had been over-stated. He then explored the range of attacks that have taken place, including the Latvian DOS attack and the Stuxnet worm.

Exploit code for still unpatched 0-day used by Stuxnet released
Three of those have already been patched by Microsoft – the LNK vulnerability, the vulnerability located in the Print Spooler service, and a Windows XP local privilege escalation flaw – but the fourth one still remains unpatched.

Most employees will steal company secrets if fired
Insider threats are mainly comprised of normal, mainstream employees. Most strikingly, the Imperva survey found that 70% of respondents had clear plans to take something with them upon actually leaving their job.

Former Ford employee stole company secrets worth millions
An interesting case of theft of industrial trade secrets was unveiled yesterday as news that the culprit – one Xiang Dong (“Mike”) Yu – has pleaded guilty to the charges and is facing a sentence of up to six years in prison and a fine that can reach $150,000 was revealed by TechCrunch.

HTTPS Everywhere now protects against Firesheep
The EFF launched a new version of HTTPS Everywhere, a security tool that offers enhanced protection for Firefox browser users against Firesheep and other exploits of webpage security flaws.

PacketWars: A cyber security sport for a cyber age
In this day and (cyber)age, hacking contests are sprouting like mushrooms after the rain – and it’s a good thing they do. For what better venue is there for exercising the offensive and defensive cyber skills of future “cyber warriors” than events such as these, where their talent can get noticed and appreciated, and inspire others?

Worst offending IP addresses for sending spam and viruses
Security analysts at WatchGuard have identified the worst offending IP addresses for sending the most email spam and viruses, along with the top 10 most popular viruses.

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Ninja Hacking is not your typical “hacking” book. By comparing hackers with ninjas, the authors try to demonstrate how the ninja way of doing things can be translated to fit the cyber warfare arena, and how learning to think like the enemy does can help you become the very best penetration tester and protector of computer networks and systems you can be.

Two indicted for university hack binge
Two former students of the University of Central Missouri have been charged with computer intrusion, intercepting electronic communication and aggravated identity theft, following a hacking spree that would put to shame the efforts of most cyber criminals.

Windows 0-day circumvents UAC
Windows zero-day vulnerabilities are lately getting discovered too often for Microsoft’s – and users’ – liking. Unfortunately for all of us, details of yet another one have been disclosed on a Chinese board.

Spear phishing campaign targeted e-mail marketers and their customers
For months now, a massive spear phishing campaign has been targeting employees of over 100 e-mail service providers, with the goal of compromising their computers and those of marketing companies that handle campaigns for the biggest and best-known brands out there.

Network security facing dual challenge
Network security systems are under pressure. The dual challenge of dealing with more attacks at higher speeds threatens to undermine the stability of the most important commercial platforms of the 21st century; namely the Internet. What can be done to address these challenges and avert the economic impact of an Internet collapse?

Student pleads guilty to helping organize Anonymous DDoS attacks
Steve Slayo, a 19-year old Australian student, has pleaded guilty to having organized a DDoS attack targeting – among others – the websites of the Australian Prime Minister Kevin Rudd and the Communication Minister Stephen Conroy, as part of the so-called Operation Titstorm.