Week in review: Sega hack, Dropbox security glitch and LulzSec leak

Here’s an overview of some of last week’s most interesting news and articles:

LulzSec teams up with Anonymous for Operation AntiSec
Over the weekend, LulzSec has seemingly finally moved away from being in it “for the lulz” and has acquired a cause: it has announced it has teamed up with Anonymous and other “affiliated battleships” and that it is launching “Operation Anti-Security”.

Sega hacked, 1.3 million accounts compromised
Sega Corporation was attacked and its database breached, and the fact was confirmed by the company the day after it took its SEGA Pass system offline.

Spam e-books plague Amazon’s Kindle store
If you are a regular customer of Amazon’s Kindle store, you could already be aware of the fact that spammers are using it to fleece customers out of their hard-earned cash by tricking them into buying bogus e-books.

iCloud search ends with fake AV
A number of these URLs that come up in search results have been found on MyMobi, a news site that covers news about new gadgets.

Will we finally see a federal data breach notification law?
Currently, there is no general federal breach notification law, although certain laws (such as the Health Insurance Portability and Accountability Act) contain notification obligations for specific sectors of the economy.

German hackers sentenced for stealing Lady Gaga songs
The two German youths that have been arrested in December for stealing unreleased songs of over fifty recording artists and selling them online have been found guilty of multiple counts of copyright violation and hacking.

ICANN domain expansion could increase phishing
The ICANN board gave final approval to what some are calling “the most dramatic change to the Internet in four decades” allowing the expansion of new Top-Level Domains.

Dropbox security glitch allowed anyone to access user accounts
Web-based file hosting service Dropbox has confirmed that a bug introduced by a code push allowed anyone to access any user account by simply typing in a random password for a period of nearly four hours.

Certification authority reports security breach
The authority in question is StartSSL, operated by StartCom, and according to the short message posted on their site, the breach occurred on the 15th of June.

The mobile security conundrum
The pressing question facing the hard-pressed IT security manager is how, in the face of a paucity of tablet and smartphone-specific security offerings, and a general apathy amongst corporate users, how to get the mobile security focus back on track?

Japan criminalizes malware creation and distribution
The Japanese parliament has finally passed a law that punishes malware creators and distributers – and even people who acquire/store malware – with jail time and a hefty fine.

Bad software patches cause critical IT failure
Half of businesses have suffered at least one business critical IT failure as a result of installing a bad software patch, according to GFI Software. The research also revealed that a quarter of those surveyed suffer recurring IT failures and lost productivity resulting from software bugs and incompatibilities introduced by badly developed software updates.

Increase in stolen digital certificates used to sign malware
A report unearths how “trusted malware” is continuing to grow at an alarming rate. In Q2, AVG has seen an increase in the number of stolen digital certificates used to sign malware, before being distributed by hackers.

“Free McDonald’s meal” spam leads to malware
Spam campaigns offering free stuff are usually rather effective, and the latest one touting a free breakfast at McDonald’s on the 27th of June is likely to reel in many victims.

Chrome extension for identifying insecure code
In a bid to help developers keep their websites clear of security holes, Google has built – and offered for free – a (currently experimental) Chrome extension called DOM Snitch.

FBI swoops on scareware distributors
The US Department of Justice and the FBI, along with international law enforcement partners, announced the indictment of two individuals from Latvia and the seizure of more than 40 computers, servers and bank accounts as part of Operation Trident Tribunal.

LulzSec leaks classified Arizona law enforcement documents
“We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement,” stated the latest press release by LulzSec. “We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.”