Week in review: Link between Flame and Stuxnet discovered, and cracking LinkedIn passwords

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Lessons learned from cracking 2 million LinkedIn passwords
Like everyone this week, I learned about a huge file of password hashes that had been leaked. The 120MB zip file contained 6,458,020 SHA-1 hashes of passwords for end-user accounts.

Tips for safe password use
After the news about the theft of millions of user passwords from the business-based networking site LinkedIn, dating site eHarmony and Last.fm, users should be extra vigilant with their online security, according to BullGuard.

Small businesses not afraid of data breaches
As the number of data breaches involving smaller businesses continues to grow, a new survey by The Hartford finds that 85 percent of small business owners believe a data breach is unlikely, and many are not implementing simple security measures to help protect their customer or employee data.

Adobe delivers sandboxed Flash Player for Firefox users
“Our Protected Mode implementation allows Flash Player to run as a low integrity process with several additional restrictions that prohibit the runtime from accessing sensitive resources,” Peleus Uhley, Platform Security Strategist with Adobe, explained.

MySQL flaw allows attackers to easily connect to server
A simple but serious MySQL and MariaDB authentication bypass flaw has been revealed by MariaDB security coordinator Sergei Golubchik, and exploits targeting it have already been found in the wild.

Flame and Stuxnet are linked, say researchers
Kaspersky Lab researchers who have been rooting through the code of the Flame toolkit since its discovery believe they have unearthed definitive proof that, at one point in time, the developers of Stuxnet/Duqu and Flame worked together.

Five IT security threats and how to combat them
Quest Software identifies the following five top security threats and offers a set of solutions.

Diablo 3 real-money auctions accessible only with authenticator
It seems that the long-awaited Diablo 3 real-money auction house will finally become a reality, as Blizzard has changed its Terms of Use to require all players who want to access it to have a Battle.net Authenticator or Battle.net Mobile Authenticator attached to their Battle.net account.

Implications of the rise of mobile devices
CIOs and IT leaders must address three key implications of the “post-PC” era, as workforces and consumers increasingly access IT applications and content through mobile devices, according to Gartner.

The rise of the private cloud
More than half of North American cloud service providers (CSPs) reported that their customers are opting for the private cloud services model, while 32 percent are choosing public cloud services.

ISO 22301: An overview of BCM implementation process
While many business continuity methodologies have existed for more than 20 years, none of them has really managed to make business continuity part of regular management duties – this is probably why ISO 22301 is increasingly emerging as a leading business continuity standard worldwide.

Growing security demands, old security infrastructure
SMBs are struggling to keep IT infrastructures up to date with current working practices and more advanced threats, according to Sophos.

Windows Forensic Analysis Toolkit, Third Edition
As a considerable number of PC users have switched to Windows 7, Harlan Carvey has updated his popular Windows Forensic Analysis Toolkit book to cover systems running it. Still, many users have stayed with Windows XP, which makes this book less a replacement and more a companion tome to its previous edition.

Global 2000 networks are vulnerable to Flame-style attacks
Venafi has aggregated scanning data from the networks of 450 Global 2000 enterprises and discovered how frequently MD5-signed certificates are deployed – and it is quite often. This is hard data, not based on surveys and theory. The data covers more than just Microsoft and self-signed certificates; it extends to VeriSign, GeoTrust and others.

Security tips to combat mobile device threats to healthcare
Since patient data can be moved, processed and shared via personal cell phones and tiny USB flash drives, the Bring-Your-Own-Device phenomenon can wreak havoc on a hospital.

CEOs lack visibility into seriousness of security threats
CORE Security exposed the division that exists between the CEO and the Chief Information Security Officer (CISO) in how they view threats to IT infrastructure security.
