Week in review: Yahoo password leak, multi-platform backdoor, Microsoft revokes its code-signing certificates
Here’s an overview of some of last week’s most interesting news, videos, interviews and articles:
Worldwide IT spending to surpass $3.6 trillion in 2012
In contrast to the rather lackluster growth outlook for overall IT spending, Gartner expects enterprise spending on public cloud services to grow from $91 billion worldwide in 2011 to $109 billion in 2012. By 2016, enterprise public cloud services spending will reach $207 billion.
Fake anti-piracy warnings hitting UK users with money requests
Much has been said and written about the UK’s Digital Economy Act, but most Internet users still know just one thing about it: that it will eventually end with ISPs sending out notifications to Internet pirates, who will be forced to stop their illegal activities or suffer consequences.
MIT unveils a new Internet protocol for mobile clients
By exchanging TCP with UDP, two MIT researchers have managed to create the State Synchronization Protocol (SSP) – a new Internet protocol more suited to establishing and sustaining the irregular and low-bandwidth connections typical of mobile devices connecting to wireless networks – and Mosh (“mobile shell”), a remote terminal application that implements it in order to guarantee the security of such connections.
Enterprise log managers: An unsexy but vital tool
Ultimately, the goal of Enterprise Log Management (ELM) is to get your most critical events escalated to your operations staff to react and respond with the appropriate actions.
New Android Trojan secretly buys apps
Researchers of mobile security company TrustGo have recently unearthed a new type of Android malware whose goal is to surreptitiously buy apps and other content from China Mobile’s Mobile Market without alerting and needing the permission of the user.
DarkComet RAT author ends the project
The DarkComet remote administration tool, which has recently been misused by the Syrian government to spy on its opponents, has reached the end of the line.
Restoring critical applications a top concern
Organizations now operate in a world where employees and customers alike expect critical services to be available and accessible at all times, and it’s forcing IT to rethink the way it approaches backup and recovery.
Exploring the world of digital forensics
Jess Garcia, founder of One eSecurity, is a senior security engineer and an active security researcher in areas of incident response, computer forensics and honeynets. In this interview he talks about mobile forensics, cyber crime scenes, how forensics experts testify in court, privacy concerns, and more.
Bruce Schneier: Trust, security and society
Human societies run on trust. Every day, we all trust millions of people, organizations, and systems — and we do it so easily that we barely notice. But in any system of trust, there is an alternative, parasitic, strategy that involves abusing that trust.
Microsoft revokes 28 of its code-signing certificates
The long awaited patch for the CVE-2012-1889 vulnerability that has been heavily exploited in the wild and the exploit for which has even been included in the Blackhole Exploit Kit is not the only big news from the latest Patch Tuesday.
Formspring breach and leak triggers massive password reset
Formspring, a social Q&A website popular with teenagers, is the latest site to have its servers breached and the passwords of its users compromised by hackers.
Do you need a honeypot?
It might seem like a strange question, but I wonder how many readers are running a honeypot network in their infrastructure? If you’re not then let me be the first to say that you really should. This could be a slightly controversial view as, all too often, honeypots are misunderstood and mistrusted.
Multi-platform backdoor served through compromised website
The compromised website of a Colombian transport company has been found serving a signed Java applet that detects whether the visitor is using a Windows, OS X or Linux machine and drops a different Trojan for each platform.
Trojan found being offered on Google Play for weeks
Dubbed Android.Dropdialer, the malware in question is a Trojan that sends SMS messages to premium rate numbers, but only if the user is on either Mobile TeleSystems networks or Beeline, two popular Russian telecom providers that are also present in some Central and Eastern European countries.
Top skills for IT asset management leaders
Gartner has identified six skills that are considered priority skills for ITAM leaders.
Nearly half a million Yahoo passwords leaked following hack
Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective “D33Ds Company” following the compromise of a Yahoo subdomain.
Instagram “Friendship Vulnerability” patched
A flaw in the popular Instagram app that allows potential snoopers to add themselves as friends of any Instagram user and, consequently, to access his or hers private information and photos has been discovered by researcher Sebastian Guerrero.
The use of exploit kits changed spam runs
Spammers used to depend on email recipients to tie the noose around their own necks by inputing their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined.
NVIDIA and Android forums hacked, user credentials stolen
Following the high-profile breach of one of Yahoo’s subdomain servers and the resulting leak of over 450,000 passwords stored in clear text in one of the exfiltrated databases, today was marked with the revelation of three more breaches: the official forum site of technology company NVIDIA, Androidforums.com, and Billabong.com.