Week in review: Patching strategies, HTC Android privacy flaw, and how well do you know SSL?

Here’s an overview of some of last week’s most interesting news, videos, articles and podcasts:

Serious disconnect between security perceptions and reality
The majority of respondents (60 percent) reported that management believes security is stronger than it actually is, while only 22 percent reported that management is aware of their company’s true security preparedness.

HTC Android devices allow almost any app access to private data
It’s bad news all around for users of various HTC Android smartphones, as the private data collected by the logging tools recently introduced by the company is also discovered to be available to any application that is granted permission to access the Internet – and most of them are.

Law enforcement increasingly asking Internet companies to share data
The fact that one can find out a lot about a person’s interests, movements and opinions from their Facebook and Twitter accounts, Google searches and messages exchanged via messaging platforms has not been lost on law enforcement agencies worldwide.

Picasa Web Albums and Yahoo! Groups are loved by spammers
Cyber crooks and spammers are always on the lookout for ways to reach and victimize the largest number of individuals possible. And sometimes even Internet giants such as Google and Yahoo make mistakes that allow them to do that.

Facebook now protects users from malicious links
Facebook and Websense announced a technology integration partnership that helps to protect Facebook users from links that lead to malware and malicious sites.

Suspect cyberbullying? Here are five tips on what to do
Most parents know that when a bullying incident occurs with their child, they should address it immediately. In the case of cyberbullying, online tools are now available to alert parents the moment something happens so they can react in real-time.

Patching strategies
Secunia has compared different patching strategies under the assumption of limited resources. Measurements demonstrate that an intelligent patching strategy can result in increased resilience against exploits; lowering risk levels by up to 80% and maximizing operational efficiency.

Using online advertising to find out if your data is valuable to a criminal
Find out how to use Google and other advertising networks to value your organization’s data and work out if it is worth an attacker’s attention.

This is how Windows gets infected with malware
CSIS has, over a period of almost three months, actively collected real-time data from various so-called exploit kits. The purpose of this study is to reveal precisely how Microsoft Windows machines are infected with malware, and which browsers, versions of Windows and third-party software are at risk.

SpyEye Trojan hijacks mobile SMS security for online fraud
Using captured code, Trusteer discovered a two-step web-based attack that allows fraudsters to change the mobile phone number in a victim’s online banking account and reroute SMS confirmation codes used to verify online transactions.

Best practices for fighting credit card theft
3DSI’s tips consist of tried-and-true tools and techniques for companies to use in detecting and deterring online thieves from stealing sensitive payment data from their computer systems.

Wi-Fi users live in a false sense of security
Wi-Fi users in the U.S. are confident that they are taking the right steps to protect themselves when using Wi-Fi devices. In fact, 97 percent of Wi-Fi users recently surveyed by Wakefield Research for the Wi-Fi Alliance report they believe the data on their devices and networks is “safe and secure.”

Photos: The look and feel of Virus Bulletin 2011
Help Net Security is attending the Virus Bulletin 2011 conference in Barcelona this week. Here’s an overview of the event in photos.

ExploitHub offers cash for exploits
ExploitHub, the marketplace for penetration testers, is issuing a bounty for exploits developed against 12 high-value vulnerabilities (CVEs). Security researchers who submit working exploits against these CVEs can earn up to $4,400.

The state of hacked accounts
Most users get hacked at high rates even when they do not think they are engaging in risky behavior, with 62% unaware of how their accounts had been compromised.

Facebook scammers exploit death of Steve Jobs
Just a few hours after Steve Jobs’ death, scammers had created a Facebook page called “R.I.P. Steve Jobs” which contained a malicious URL and a text claiming that 50 free iPads were being given away ‘in memory of Steve Jobs.’

Malware attacks up due to social media
63 percent of more than 4,000 respondents in a new Ponemon Institute survey said that social media in the workplace represents a serious security risk — yet only 29 percent report having the necessary security controls in place to mitigate it.

Back to the future: Why IT managers should care about firewall management
Companies that have taken the time to define their policy and rules usually put firewalls into production with a fairly robust policy set. The problem develops over time, as change requests are made and administrators are asked to incorporate more and more rules.

Verizon Business data breach investigations report 2011: 8 days a week
What can be learned from the investigation into successful data breaches? What are the latest trends and techniques used by attackers? Get a front row seat at the breach cases investigated by Verizon, the U.S. Secret Service and the Dutch National High Tech Crime Unit.

Top DDoS attacks of 2011
There was an uptick in attacks against corporations by hacktivists DDoS-ing sites for political and ideological motives, rather than financial gain.

How well do you know SSL?
Ivan Ristic, the Director of Engineering at Qualys, talks about the research done by SSL Labs. SSL Labs is a collection of documents, tools and thoughts related to SSL. It’s a non-commercial research effort to better understand how SSL is deployed, and an attempt to make it better.