Week in review: MS-CHAPv2 cracked, Cybersecurity Act shot down, and modern day pirates

Here’s an overview of some of last week’s most interesting news and articles:

Five steps for a secure cloud transition
Almost every type of SMB is examining its current IT infrastructure, determining what data and processes can move to the cloud. Of course, security remains one of the biggest concerns. Here are five steps to make the transition much safer for your data and your company.

Wargame examines the future of US infrastructure
Booz Allen Hamilton concluded the first-ever wargame simulation examining creative infrastructure initiatives and solutions that factor in US transportation needs by the year 2040.

1,500 severe security events detected on Black Hat WLAN
“You simply don’t see the kind of traffic, users or volume of security incidents that you see at Black Hat USA anywhere else,” says Aruba engineer Robbie Gill.

Researcher demonstrates highly persistent hardware backdoor
Spurred by the conclusion of a recent report that said that given the fact that China is the de-facto manufacturer of most IT equipment in the world, it could easily backdoor any computer well before it’s shipped to its buyers, security researcher Jonathan Brossard decided to prove the practicality of such backdooring.

Is Ubisoft’s DRM browser plugin a rootkit?
An offhand remark made by Google engineer Tavis Ormandy to a post on the Full Disclosure mailing list has sparked anger in the harts of Ubisoft users, as he shared his discovery of what seems to be a rootkit in the DRM system used by the company.

“Groupon discount gifts” email leads to malware
The email purportedly comes from Groupon, the popular deal-of-the-day website, and tries to convince the recipient that one of his friends has found an incredible deal and has decided to share the news.

Overcoming the hacker hurdle during the Olympics
The Olympics super concentrates people and commerce—making for a very attractive target hackers seeking profits or trying to make a political statement. What does this bode for London 2012?

Researcher releases tool for cracking MS-CHAPv2, PPTP no longer secure
Moxie Marlinspike, the mind behind the Convergence SSL authenticity system, has presented at Defcon a tool that allows attackers to crack the MS-CHAPv2 authentication protocol, which is still used in many PPTP (Point-to-Point Tunneling Protocol) VPNs and WPA2 Enterprise environments.

Modern day pirates
With more computers worldwide, especially in economies where even “light” cybercrime (such as farming gold for World of Warcraft) is a welcome option to spending 12+ hours a day in a factory, what is the truth about cybercrime?

Insider threat in financial services sector
When it comes to preventing insider fraud, financial organizations would do well to more closely monitor experienced, mid-level employees with years on the job.

Dropbox confirms hack, announces 2-factor authentication
After weeks of investigating how it came about that a sizable number of its European users began receiving spam advertising gambling websites to dedicated (and not) email addresses, file hosting service Dropbox has shared the result of the investigation.

DDoS attacks aimed at telecom systems are on the rise
DDoS attacks are usually seen as the domain of hacktivists and hackers looking to block – then blackmail – companies that are heavily dependent on their Internet presence. But, with the rise of botnets for sale, the nature of the attackers ha changed and the options have widened. No longer are just servers and email accounts in danger of getting flooded, but mobile and stationary telephone lines as well.

Illinois bans employers from demanding employees’ Facebook password
“Members of the workforce should not be punished for information their employers don’t legally have the right to have,” Governor Quinn said. “As use of social media continues to expand, this new law will protect workers and their right to personal privacy.”

US Senate shoots down Cybersecurity Act of 2012
Despite being endorsed by President Obama, the Cybersecurity Act of 2012 has been blocked by the US Senate.

Skype spamming tool offered for peanuts
It’s any wonder that a lot of individuals who want to earn a quick buck turn to setting up online scams when the tools to do it are widely available and cheap, and the likelihood of getting caught is very small?

Vulnerability disclosure framework for industrial control systems
The Industrial Control Systems Joint Working Group (ICSJWG) published “The Industrial Control Systems Common Vulnerability Disclosure Framework”, which is a significant step towards standardization of vulnerability disclosure policies for ICS vendors and system integrators.

Google Play updates developer policies to tackle rogue apps
The company sent an email detailing the changes to all developers and has given them a deadline within which they are required to fix and republish any application that breaks the newly given rules.

US banks targeted with advance-fee scams
It seems that gullible or desperate individuals aren’t the only ones who fall for advance-fee scams, as the US Federal Deposit Insurance Corporation has recently revealed that some financial institutions have become victims, too.

Bogus AT&T emails lead to malware
A massive phishing campaign masquerading as billing information from the telecom giant has been targeting its customers in the last few days.




Share this