Week in review: Assange arrested, 2011 threat landscape and first VoIP call from space

Here’s an overview of some of last week’s most interesting news and articles:

McAfee’s Secure Short URL Service not so secure
M86 Security Labs’ researchers have decided to test if the service is working as it should, and chose to test if a phishing URL blocked by Facebook would be blocked when clicked on in its shortened form.

Doorways on non-default ports make compromised websites harder to spot
Are negligent site and server administrators at least as much to blame for compromised sites that redirect users to doorway pages to pirated software as the cyber criminals that took advantage of their poor security?

Tracking a pirated software license
When Avast Software spotted a license for its avast! Pro Antivirus software being distributed online, they decided to do a simple experiment – they didn’t take any action that would curb its spread, and simply monitored how many times the license would be used to register the software.

Most businesses vulnerable to cache poisoning attacks
While DNSSEC adoption percentages appear to have increased dramatically by 340 percent this year, the actual number of zones that have been signed is very small: .02 percent.

Securing the Smart Grid: Next Generation Power Grid Security
Smart grids are a reality and the future, and they promise greater reliability, affordability, efficiency and, hopefully, a better and environmentally cleaner exploitation of available resources. But all that brings to light new threats to the grids. What does that entail and what can we do to defend them – these are the two main questions that this book offers the answers to.

Fake Amazon receipt generator discovered
This is a particularly interesting scam, as it doesn’t target regular PC users – it targets the people who sell you things, such as the merchants on the Amazon marketplace.

Twitter worm spreading malicious goo.gl links?
A new Twitter worm seems to be burrowing its way across the service, apparently forcing mobile Twitter users to retweet a goo.gl shortened link which they clicked on themselves.

Julian Assange arrested in London
WikiLeaks’ founder and director Julian Assange was arrested Tuesday morning at 9.30am (GMT) at a police station in London.

First VoIP call from space
Cisco announced the results of the latest Internet Routing in Space (IRIS) testing, marking the first-ever software upgrade of an IP router aboard a commercial satellite while in orbit. In addition, Cisco completed the industry’s first VoIP call made without the use of any terrestrial infrastructure to route the call.

What’s in store for 2011? More scams and identity theft
Unemployment, economic uncertainty and the proliferation of technology will be factors in emerging types of fraud over the next year, according to the 2011 Identity Theft Assistance Center Outlook.

Is anyone in control of cloud security?
Safeguarding the IT infrastructure from unmonitored access, malware and intruder attacks grows more challenging as the operation evolves for cloud service providers. And as a cloud infrastructure grows, so too does the presence of unsecured privileged identities.

Increased collaboration on cybercrime syndicate crackdowns
As 2010 comes to a close, information security companies are trying to predict the number of problems we’ll have to deal with next year. Here is a list of 5 security trends for 2011 by Fortinet.

Assange denied bail, WikiLeaks issues next batch of cables
Following his arrest, Julian Assange was taken to a hearing at City of Westminster Magistrates’ Court, where details of the charges laid against him were finally brought into the open.

Internet Explorer 9 promises protection from online tracking
Worried about third-party websites tracking your browsing history? Microsoft has a solution for you. The new version of Internet Explorer, which is due for release in early 2011, will contain a “Tracking Protection” feature, aimed at identifying and blocking many different forms of online activity tracking.

Zeus targets major retailers
Trusteer recently discovered a Zeus botnet that is targeting credit card accounts of major retailers including Macy’s and Nordstrom just as the holiday gift buying season is in full swing.

Facebook Mobile Privacy Dashboard gets an upgrade
Mobile Facebook users will soon have much more control over their privacy settings – they will be able to see what information they are sharing with which applications and websites and edit those settings.

Anonymous continues with DDoS attacks, possibly using a non-volunteer botnet
Anonymous – the hacktivist group that has become notorious for its DDoS attacks on websites of the RIAA, MPAA, and other anti-piracy organizations and companies – has taken it upon itself to “defend” WikiLeaks.

Security, is there an app for that?
Smartphones are now an essential tool across all sections of society, from top government officials to businesses and consumers. In its new report, ENISA analyses the key security opportunities and risks.

Fake Facebook toolbar leads to malware
It has become a predictable pattern – every time Facebook introduces some changes, malicious spammers start e-mail campaigns that try to take advantage of the news and lure users into downloading malware.

L0phtCrack 7: The next level of password auditing and recovery
L0phtCrack is one of the most used tools by security professionals worldwide. After years of inactivity, version 6 was released in 2009 and development hasn’t halted since. In the video below, L0phtCrack co-author Christien Rioux talks about the upcoming version and introduces some of the new features.



