Week in review: Car hacking, Opera breach, and Carberp source code leaked

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:

Snowden on the run, leaks continue unabated
Documents he shared with reporters of The Guardian have revealed another spying scandal – the British spy agency Government Communications Headquarters (GCHQ) has secretly tapped over 200 fiber-optic cables carrying the world’s phone calls and internet traffic and has been sharing information acquired thusly with the NSA.

DDoS attacks: What they are and how to protect yourself
Ameen Pishdadi is the CTO at GigeNET. In this interview he discusses the various types of DDoS attacks, tells us who is at risk, tackles information gathering during attacks, lays out the lessons that he’s learned when he mitigated large DDoS attacks, and more.

Android fake AV demands ransom, crashes
Symantec researchers have recently unearthed a mobile fake AV solution called “Android Defender” being offered on a number of unofficial, third-party download sites under the guise of an extension for the Skype VoIP app.

How big data is transforming information security
In this video recorded at Hack In The Box 2013 Amsterdam, Eddie Schwartz, CSO at RSA, The Security Division of EMC, discusses the impact of big data on information security. He talks about security management, fraud, identity management, governance, risk and compliance.

Researchers reveal tricks for Cutwail’s endurance
While some botherders have opted for the arguably much safer P2P architecture in order to assure their botnets’ resilience, others are still clinging to the standard distributed C&C option. Among the latter are the masters of the Cutwail / Pushdo botnet, one of the most long-lived ones around, and their decision must be working well for them as despite several past takedown attempts it is still going strong.

U.S. senators propose new privacy bill following surveillance scandal
A group of U.S. senators led by Senator Patrick Leahy, Chairman of the Senate Judiciary Committee, has introduced new legislation that aims to improve government oversight and accountability when it comes to domestic surveillance.

Car hack attack a possible theory behind journalist’s death
The recent tragic death of noted journalist Michael Hastings – the (still unclear) circumstances of which have given rise to many theories about whether it was accidental or the result of foul play – has brought attention to the subject of car hacking.

SSL Labs: Deploying forward secrecy
With revelations about mass surveillance in the news everywhere, an obscure feature of SSL/TLS called forward secrecy has suddenly become very interesting. So what is it, and why is it so interesting now?

Confirmed: Carberp source code leaked
Peter Kruse, security researcher with CSIS Security Group, said that the ZIP file contains the complete source code for Carberp and that the code compiles and works just as described in the text files included in the archive.

Blizzard suspends mobile app access following account hijacks
A number of World of Warcraft players have been unpleasantly surprised this last week to find that someone has apparently broken into their accounts and bought low-level items for comparatively huge sums, leaving them with almost no digital gold.

Creating a cloud security policy
Building a cloud security policy is a crucial step to take before diving into the cloud to ensure maximum benefits are achieved and data is secure. But some organizations, in the rush to adopt, forgo this crucial task.

Chat securely on Facebook with Synapsid
Synapsid is an iOS app that promises an encrypted chat experience on Facebook. In addition to having secure conversations, Synapsid allows you to: view friends’ profiles, add friends to your contacts, view and share pictures, view and respond to event invites, create new events with cover photos, host events from your pages, and more. This review will stick to the security aspect of sending and receiving encrypted chats.

Data-slurping Facebook Graph Search flaw revealed
A mobile developer has discovered what he claims is a security vulnerability in the Facebook Graph Search that allowed him to automate the compilation of a list of some 2.5 million phone numbers – some of which are tied to Facebook accounts and, therefore, user identities – to prove a point to the company.

Can DDoS attackers turn mitigation devices against you?
SYN reflection attacks are one of the more sophisticated DDoS attack methods and typically require some skill to execute. However, they have recently grown in popularity as they’ve become available on a DDoS-as-a-Service basis via the criminal underground.

Opera infrastructure compromised, users hit with malicious update
A breach of the Opera Software internal infrastructure has resulted in the theft of an expired Opera code signing certificate, which the attackers used to sign a piece of malware, package it, and push it out as an update for the Opera browser.

Facebook bug leaked more info than company reported?
The Friday before last, Facebook tried to make its latest disclosure of an information-leaking bug as low-key as possible, but luckily there were researchers who actually analyzed the bug and the type of information it leaked before it was fixed.

Technology and the death of privacy
In a recent article, Jill Lepore, professor of American history at Harvard University, has explained beautifully the history and present of the notions of secrecy and privacy, and has pointed out – among other things – two thoughts (facts?) that I would rather not face.

Can you trust your online backup service?
If you search Google for online backup services, you get many results from companies all over the world. But, setting all the shiny advertisements aside, how secure are your files with these providers?

Abuse of mobile app permissions
The permissions in free apps, funded by adware, leak personal information which ad networks use to serve targeted ads. However, McAfee found that 26 percent of apps are likely more than just adware.

Another NSA internet and email data collection program revealed
According to secret documents shared by Snowden, the Obama administration had allowed for two years the continuation of an NSA data collection program started during President George W. Bush’s first term in 2001.

Wi-Vi: Seeing through walls with Wi-Fi signals
Two MIT researchers have created Wi-Vi, an experimental system that uses Wi-Fi signals to track moving objects – usually people – behind a wall and in closed rooms. The system works on the same principle as sonar: it emits Wi-Fi radio waves, then detects and measures their intensity as they rebound off walls and objects.
