Week in review: 0-day SCADA flaws for sale, FreeBSD infrastructure breached, and the right to be forgotten

Here’s an overview of some of last week’s most interesting news and videos:

FreeBSD infrastructure breached, third-party packages potentially affected
The FreeBSD team has announced that two machines within the FreeBSD.org cluster have been compromised and have been consequently pulled offline for analysis.

Video: Incident response and cloud computing
Moving into a cloud environment can bring many advantages to organizations in terms of flexibility, scalability and other benefits. However, it also brings a number of challenges with regard to the security of your data in the cloud. In particular, in the event of a security breach, how should an organization deal with its impact? This presentation from the HEAnet National Networking Conference 2012 by Brian Honan will examine these issues and suggest ways to address them.

Facebook rolls out always-on HTTPS by default
After expanding secure browsing from the login process to the entire site in January 2011, Facebook is finally rolling out HTTPS by default for all users – not just the ones who opted for it.

Google Chrome App grabs identities, forges blogs in victims’ name to promote scam
A Google Chrome app that promises to change the color of Facebook accounts instead nabs authentication cookies and generates dozens of blogs registered to the victims’ Gmail address, Bitdefender warns.

Half of business information resides outside the firewall
A surge in mobility is contributing to the sprawl, with smartphones and tablets in ANZ storing around 46 percent of business information, second only to India (62 percent).

Generation Tech: Gifted but a long way from bad
They have been described as technology’s Generation Y or Generation Tech: an undisciplined, impulsive, entitled horde of twenty-something workers, seen as one of the biggest security challenges ever to hit corporate networks. Having grown up in an age of lurching software advances, ubiquitous communication and social networking, this is not a group easily dissuaded from using any and every application by the old reasoning that software can be a “bit risky.”

Blackhole exploits lead a black month for malware
In October, GFI Software threat researchers uncovered a large number of Blackhole exploits disguised as Windows licenses (just prior to the release of Windows 8), Facebook account verification emails, Skype voicemail notifications, and spam messages.

The right to be forgotten: Between expectations and practice
The right to be forgotten is one of the elements of the new proposed regulation on data protection of the European Commission. The right allows people to ask for digitally held personal information to be deleted. The regulation is still to be adopted by the European Parliament. ENISA is launching its new report covering the technical aspects of “being forgotten”, as technology and information systems play a critical role in enforcing this right.

Fake versions of popular Apple apps sold on Google Play
If you are an Android user but you want to try out some of Apple’s most sought-after apps, you might be surprised to know that Apple has been seemingly offering them for sale on Google Play. I say seemingly because it was not actually Apple – although the developer’s name said “Apple Inc” and the contact email address was android@apple.com.

Video: Why privacy matters
Privacy International asked lawyers, activists, researchers and hackers at Defcon 2012 about some of the debates that thrive at the intersection between law, technology and privacy.

Battles over online information control to escalate
The year ahead will feature new and increasingly sophisticated means to capture and exploit user data, escalating battles over the control of online information and continuous threats to the U.S. supply chain from global sources.

What’s the most coveted target for cyber attackers?
Despite repeated warnings, organizations are still failing to lock down the primary target of most cyber-attacks – privileged access points.

Info about 0-day SCADA flaws offered for sale
Following in the footsteps of French Vupen Security, Malta-based start-up ReVuln has also decided to sell information about zero-day vulnerabilities to companies and governments instead of sharing it with the developers of the flawed software and hardware.

U.S. denies hacking computers in the Élysée Palace
U.S. cyber spies have allegedly hacked a string of computers inside the official residence of the President of the French Republic during the last days of Sarkozy’s tenure and have stolen confidential information by using the Flame malware.

Cyber Monday safety tips
AVG Technologies announces five tips to help consumers ensure secure online shopping. Whether from desktops, laptops, tablets or smartphones, these tips help consumers make purchases with confidence that personal data remain inaccessible to hackers and data thieves.

Understanding basic honeypot concepts
The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by CERTs to proactively detect cyber attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use.

Facebook wants to eliminate user voting on privacy changes
Facebook has announced some proposed updates to their Data Use Policy (how user data is collected and used) and their Statement of Rights and Responsibilities (explains the terms governing use of their services).

Bogus Apple invoice leads to Blackhole, banking malware
If you receive an invoice seemingly coming from Apple that apparently shows that your credit card has been billed for $699,99 (or a similar preposterously huge amount of money) because you bought a postcard, don’t click on any of the embedded links no matter how curious or alarmed you are.
