Week in review: Ethical hacking, malicious Instagram Android app, and the success story of the cleanest ISP in the world
Here’s an overview of some of last week’s most interesting news, videos, reviews, podcasts, interviews and articles:
SSL/TLS deployment best practices
In this video recorded at RSA Conference 2012, Ivan Ristic, Director of Engineering at Qualys, talks about SSL Labs and their efforts to understand how SSL was used and to remedy the lack of easy-to-use SSL tools and documentation.
New Mac malware uses Flashback Java exploit
Apple’s decision to push out a Flashback malware removal tool for OS X Lion bundled with a new Java security update has proven to be rather fortunate, as a new Mac OS X threat has been discovered taking advantage of the vulnerability (CVE-2012-0507) exploited by the latest Flashback variants.
Hacktivist group confirms arrest of its leader
One of the two teenagers arrested late last week in the UK has been charged with one count of conspiracy to cause a public nuisance and with one count of violating the Computer Misuse Act of 1990 for having carried out a phone based denial-of-service attack against Scotland Yard’s Anti-Terrorist Hotline.
Behind the scenes of the cleanest ISP in the world
Arttu Lehmuskallio, Security Manager of TeliaSonera’s CSIRT in Finland, shares details about the evolution of his company’s automated monitoring and alerting system, the problems they had to face in its various stages and the solutions they came up with.
Big data disruptions can be tamed
Big data makes organizations smarter and more productive by enabling people to harness diverse data types previously unavailable, and to find previously unseen opportunities. However, Gartner analysts said big data poses big challenges as well — and that’s where enterprise architects can help.
What is the top target of cyber attacks?
Customer, student, employee and patient information is most at risk for cyber attacks today, and defending that data is a top concern for IT professionals this year, according to a survey published by CDW.
Bank accounts of 3 million Iranians compromised
A former manager of an electronic banking clearance and automated payments system in Iran got tired of waiting for banks to fix a security vulnerability that put their customers in danger and brought attention to the matter by posting account details of around 3 million individuals on his blog.
Malware disguised as new Instagram Android app
Instagram, the popular free photo sharing app for iOS devices, is now available for download for Android users on Google Play and Instagram’s website. Unfortunately, a rogue malicious version of it is also being pushed onto Russian Android users.
CompTIA Security+ SY0-301 Authorized Practice Questions Exam Cram (3rd Edition)
With over 800 practice questions, this book covers all the topics addressed in the CompTIA Security+ SY0-301 exam, and the CD allows you to experience what the actual exam feels like.
New firewall safeguards against medical-device hacking
Researchers at Purdue and Princeton universities have created a prototype firewall to block hackers from interfering with wireless medical devices such as pacemakers, insulin-delivery systems and brain implants.
Most parents secretly access teens’ Facebook accounts
AVG’s global, multi-year, Digital Diaries research project has aimed to determine how the Internet is impacting children as they play, learn, and grow up in today’s digital world. Entitled Digital Coming of Age, the latest phase of the study surveyed 4,400 parents with 14-17 year olds in 11 countries.
ISO 27001/BS 25999-2: The certification process
Obtaining an ISO 27001 or BS 25999-2 certificate is not mandatory, however most of the companies implementing either of these standards want to get certified – the main reason for that is that they want to achieve a marketing advantage.
Anonymous to set up secure Pastebin alternative
Following Pastebin.com owner’s announcement of his intention of speeding up takedown of sensitive information and his willingness to share the posters’ IP addresses with the authorities, the popular online pastebin has fallen into disfavor with the Anonymous hacking collective.
Spam campaign combines phishing, malware and survey scams
An ongoing spam campaign characterized by brief subject lines and containing only a hyperlink rendered in a large font saying “Click here to see the attached video/photos” or “Click here to read this message” has been targeting users for the last few months.
Three BYOD problems that need to be solved
In this podcast recorded at the RSA Conference 2012, Scott Ashdown, Director of Products and Solutions at Imation Mobile Security, talks about the phenomenon and addresses three important issues that companies must address in order to minimize or even eliminate the additional risks created by it.
Most IT admins considered switching careers due to stress
67% of IT administrators have considered switching careers due to job stress, according to GFI Software. Managers, users (employees), and tight deadlines were cited as the biggest job stressors.
The importance of ethical hacking
The recently published white paper entitled “The Importance of Ethical Hacking: Emerging Threats Emphasise the Need for Holistic Assessments” by Frost & Sullivan, discusses benefits from independent ethical hacking assessments, the role of ethical hacking in an enterprise security architecture, as well as top technical concerns and solutions.
Fake “Steam Cracker” steals user credentials
Users of Valve’s Steam game platform are once again targeted by malware peddlers, and this time the lure is a “Steam Cracker”.
Highly compelling spam campaign delivers malware
Variations of “RE:Check the attachment you have to react somehow to this picture”, “RE:They killed your privacy man your photo is all over facebook! NAKED!” and “RE:Why did you put this photo online?” are used in the subject line, and the content of the email is changed to suit.