Week in review: LulzSec hackers arrested, inadequate Android AV solutions, and the GitHub hack
Here’s an overview of some of last week’s most interesting news, podcasts and articles:
Pinterest users targeted with scams
Pinterest, the pinboard-styled social photo sharing website that got so popular even Mark Zuckerberg opened a profile to see what all the fuss was about, has also caught the attention of online scammers and spammers.
Programmer hacks GitHub to prove a point
Russian programmer Egor Homakov has recently chosen a questionable tactic to prove the danger that a Ruby on Rails public key form update vulnerability poses to systems based on this popular open source web application framework: he hacked GitHub.
Visa pressures banks into closing spammers’ account
When computer science professor Stefan Savage and his team of researchers unveiled their analysis of the spam monetization model last year, they described 15 steps required for it to work. They also pointed out that the only step that cannot be recreated easily if suspended is the point of transaction.
New P2P botnet soon available for sale
The development of a new botnet that will rely on a decentralized architecture based on P2P technology is nearing completion and will soon be offered for sale for a sum of $8000 on a number of underground hacking forums.
Removing risk from network and security change management
The issue is that every new hire, every software patch or upgrade, and every network update opens up a security gap and increases the organization’s risk exposure.
IT security in 2020
In this podcast recorded at Virus Bulletin 2011, Kaspersky Lab’s Maksym Schipka paints a picture about the future of computer and information technology, and the threats that will likely be targeting Internet users in 2020.
The decline of trust in social networking platforms
The UK is increasingly well connected; however, it is seeing a wave of distrust across all major communications channels (mobile, fixed and social networking) due to fears surrounding security threats such as viruses, spam and phishing attacks.
Major phishing contributors and enablers
Agari announced the first Annual Sumo Awards to dishonor phishing’s biggest contributors and enablers. The Sumo Awards categories identify why phish emails succeed, highlight unknowing contributors who aid criminal phishing, and suggest how businesses can take collective action and responsibility to prevent malicious attacks through email.
New mass injection wave of WordPress websites
At the time of writing, more than 200,000 Web pages have been compromised, amounting to close to 30,000 unique Web sites (hosts).
Two-thirds of Android AV solutions not good enough
Nearly two-thirds of Android antivirus products offered on the market today cannot be considered reliable enough for use, says independent IT and security research institute AV-Test.
Privacy concerns impacting what people buy
Concerns about data security and privacy are impacting what people buy and which companies they do business with, according to a new Edelman study.
Arrested Anonymous members charged, Anon retaliates
The online world was rocked on Tuesday by the news that a number of members of LulzSec and Anonymous were arrested following a betrayal by LulzSec leader “Sabu” and a coordinated action by law enforcement agencies on two continents.
Researchers compromise e-voting system
A group of researchers from the University of Michigan has recently attacked and managed to compromise the Washington, DC Digital Vote by Mail Internet voting system, proving that its deployment should definitely be reconsidered.
Facebook cut down large-scale phishing with social authentication
Alex Rice, Facebook’s product security lead, explained the relatively recent improvements to the process with the addition of social authentication methods.
Scareware hides files and folders, offers fix for $80
BitDefender researchers have recently come across a nasty piece of scareware that tricks victims into believing that all their files and folders have disappeared due to hard disk issues and urges them to buy a disk repair utility that will solve the problem for a price of $80.
Phishers exploit Facebook Timeline hate
Many Facebook users have still not reconciled themselves to the fact that the Timeline profile is here to stay, and this makes them perfect targets for scammers.
IE 9 hacked at Pwn2Own, Google patches Chrome bugs
After the success they had with attacking Google’s Chrome browser, the team of vulnerability researchers from French firm VUPEN has also managed to hack Microsoft’s Internet Explorer 9 on a fully patched Windows 7 SP1 machine.
Anonymous continues defacing websites, releases Norton AV code
Law enforcement agencies involved in the investigations and the arrests are hoping that without these “leaders”, Anonymous will present a lesser threat to everyone – especially to private businesses, governments and their various organizations. It is too soon to tell whether their hopes will be realized, but for now, the Anonymous collective continues with attacks.