Week in review: LinkedIn privacy misstep, compromised WordPress blogs and what really breaks SSL

Here’s an overview of some of last week’s most interesting news:

Anonymous dumps US law enforcement, Brazil’s Federal Police data, hacks Syrian MOD website
The AntiSec initiative is keeping busy.

Big corporations “hacked” in Defcon social engineering contest
The capture-the-flag-style competition involved contestants placing phone calls to employees of companies such as Oracle, AT&T, Delta Air Lines, Symantec and Apple, and trying to trick them into revealing information.

Assessing the security of cloud providers
The Cloud Security Alliance announced the launch of a new initiative to encourage transparency of security practices within cloud providers.

SMS spying Android Trojan triggered by keywords
Another week, another trojanized Android app. According to Trend Micro researchers, this one has a feature that sets it apart from similar earlier ones: it intercepts text messages based on keywords defined in the configuration file.

Protecting mobile phones? Most don’t bother
Although almost a quarter of consumers (22%) have lost a mobile phone in the past, and a further 12% have had a phone stolen, 67% don’t have passwords set up on their mobile phones to protect stored data, according to Sophos.

What really breaks SSL?
For an average web site, the security of the communication channel is rarely compromised by attackers using advanced exploitation techniques. On the contrary, the compromises virtually always come from the flaws in the way SSL is deployed.

Facebook mobile users get password reset option
Facebook has announced it will be adding a very welcome security feature for the 250 million users accessing the social network through their mobile devices – the password reset option.

4,300+ compromised WordPress blogs poison Google Image Search results
Google Image Search has for a while now been littered with images that lure users to compromised sites that serve as doorway pages to other malicious sites.

Hackers raid mass killer’s email accounts for info
After the recent hacking of Norwegian mass killer Anders Breivik Behring’s Twitter account, it seems that the same group of hackers has also decided to compromise two of his email accounts.

Malicious fake Firefox update spam run
Fake notices about a Firefox update are again targeting the browser’s users.

Sony PSN offers identity protection to users
Almost four months after admitting that its PlayStation Network servers had been breached and the personal information of 70 million users had been compromised, Sony has begun sending out emails offering free one-year identity protection and fraud detection coverage to its users.

OpenLeaks calls on hackers to attack its test site
They hope that the results of this crowd-sourced penetration test will allow them to improve the site’s stability and the security of the dropped off data, but most especially to ensure the complete anonymity of the whole process – a feature crucial for an endeavor such as this one.

China hit by almost half a million cyber attacks in 2010
China was hit with almost half a million cyber attacks last year, claims a report by the country’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC).

Citigroup suffers second data breach in four months
Less than four months after the breach that affected some 200,000 Citigroup customers comes the news that the personal data of 92,000 Citi Cards Japan users has been compromised and sold to a third party.

Facebook and the publishing of mobile contacts scare
Facebook users are once again in a tizzy after having been faced with a message posted by some of their friends.

LinkedIn mimics Facebook, introduces questionable on-by-default feature
LinkedIn changed its Privacy Policy a couple of months ago, and among the changes is the SA feature, which is “on” by default.

Android malware masquerading as love test app
Online Chinese third party app stores are a treasure trove of Android malware which hides under many guises.

US officials incessantly targeted with phishing emails
Remember the phishing attack against government officials and political activists that was disrupted by Google in June? Well, it’s far from over.

DDoS attack disrupts trading on Hong Kong’s stock exchange
The website of Hong Kong’s stock exchange has been hit by a DDoS attack and trading has been suspended as the site in question is used for publishing announcements by trading companies and the information contained in them is often crucial for market players.



