Week in review: SCADA attack code, Play.com breach and Comodo’s rogue SSL certificates

Here’s an overview of some of last week’s most interesting news, articles, interviews, videos and podcasts:

Google blames China for Gmail service disruptions
It seems that the active exploitation of the MHTML vulnerability that Google’s Security Team reported on earlier this month has a lot to do with recent attempts by the Chinese government to stem its own online revolution movement without appearing to be doing so.

Tips to keep information secure when filing taxes online
As the IRS tax filing deadline quickly approaches, Identity Finder released tips to help individuals protect private and personally identifiable information. The IRS reports that nearly 50 million tax returns have been e-filed so far this year.

34 SCADA vulnerabilities revealed
Italian researcher Luigi Auriemma wasn’t familiar with SCADA before starting an experiment that had him searching for vulnerabilities in a number of well-known server-side SCADA software. He disclosed the vulnerabilities he found and the proof-of-concept code related to each of them on the Bugtraq mailing list.

The expanding role of digital certificates… in more places than you think
A scribbled signature may have been enough to verify your identity 20 years ago, but today’s online world requires more advanced — and authenticated or encrypted — methods of proving who, or what, you are online or within a digital environment. Enter digital certificates — an authentication method that has an increasingly widespread role in today’s online world.

Five security secrets your IT administrators don’t want you to know
In today’s rush to contain operational costs, your IT administrators could be taking more shortcuts than you’d expect. And perhaps no aspect of IT suffers more from cutting corners than does security. Here are five facts about IT security that your administrators probably don’t want you to know.

Play.com breach compromises customer names and email addresses
Play.com, one of the largest online retailers of CDs, DVDs, books and gadgets, has notified its customers of a breach that possibly resulted in their names and email addresses being compromised.

Web application security trends and issues
In this podcast, Mandeep Khera from Cenzic talks about web application security trends and issues.
Web applications are the weakest link in the security chain – and it will continue to be so for the foreseeable future – because even though 73% of companies were hacked at least once in the past two years, over 70% of companies are testing less than 10% of their applications.

RSA clients to be briefed about the breach
In order to help its customers and stop the speculation, Stratsec – Australia’s largest information security consultancy firm that administers local clients of RSA – has decided to invite all of them to a teleconference where they will be briefed about the incident.

Second hand phones contain extensive personal data
People are unsuspectingly selling their personal information to complete strangers as a new report from CPP finds half (54%) of second hand mobile phones contain extensive personal data. Here is how to wipe personal information off your mobile phone.

Rogue SSL certificates issued for Google, Yahoo, Skype
A Comodo affiliate Registration Authority (RA) has been compromised and the incident resulted in the issue of nine rogue SSL certificates for seven popular domains, reported Comodo.

How secure is your browser?
Qualys CTO Wolfgang Kandek talks about research which clearly shows that browser security is alarmingly bad. Browsers and plug-ins are frequently outdated and easily attacked.

Security auditing tools and challenges
James Tarala is a principal consultant with Enclave Security. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. In this interview he discusses security auditing, insecure passwords, operating systems as well as his training course at SANS Secure Europe Amsterdam 2011.

Twitter tests XSS attack prevention on its mobile website
Twitter has been testing and has now implemented Content Security Policy – a new standard developed by Mozilla to block cross site scripting (XSS) attacks – on its mobile website.

Serious cyber attack targets EU institutions on eve of summit
The European Commission and the External Action Service – the Community’s diplomatic arm – have been hit by a “serious” cyber attack.

TripAdvisor member database breached, part of it stolen
Just days after Play.com notified its customers of a breach that resulted in their email addresses being compromised and some of its users being targeted with malicious emails, it was the turn of another Internet giant to send out warning emails to its customer base.

Japan leakage analysis emails with malicious XLS attachments
Japan’s seemingly unending series of misfortunes has so far generated a vast variety of online scams. The latest one includes spam emails containing Excel attachments rigged with Flash exploits.

Rustock’s demise linked to Harnig botnet switch off
It seems that Microsoft has inadvertently killed two birds with one stone – so to speak. According to FireEye’s researcher Atif Mushtaq, the Harnig botnet – also known as Piptea – has ceased to function on the very day that Microsoft began raiding Rustock’s servers.

Randomization of code and binaries for evading AV solutions
An interesting detection evasion technique by a site that serves fake AV has recently been spotted by a Zscaler researcher. The site’s source code has been randomized so that each time a user visits the site, he is presented with a different fake count of supposedly found malware AND a different malicious binary masking as an AV solution to download.

IPv6 reputation is doable
The sheer volume of the IPv6 address space introduces challenges that do not exist in an IPv4 network. For example, many techniques used to track the reputation of an IP address do so based on the entire IPv4 address.




Share this