Week in review: Vessel tracking system cracked, iCloud protocols analyzed, the relevancy of AV tests

Here’s an overview of some of last week’s most interesting news, videos, inteviews and articles:

Digital ship pirates: Researchers crack vessel tracking system
In the maritime business, Automated Identification Systems (AIS) are a big deal. They supplement information received by the marine radar system, are used for a wide variety of things – including ship-to-ship communication – and are relied upon each and every day. Unfortunately, the AIS can also be easily hacked in order to do some real damage, claims a group of researchers.

Best practices for threat management
Many solutions are capable of identifying potential threats and establishing relative severity, however they are often limited to a single source of knowledge, which means IT has to manually investigate each individual event, policy violation or otherwise suspicious activity. Not only is this process time consuming, it is also costly and prone to human error in the face of the high volume today’s complex threats.

Analyzing APK files inside an online Android application sandbox
Anubis is an online project developed by International Secure Systems Lab, which focuses on analyzing of binaries for different type of systems. The online sandbox was first providing capabilities of analyzing Windows PE executables, but from mid-2012 they started supporting Android apps as well.

Free eBook: Linux Patch Management
Linux Patch Management offers Linux professionals start-to-finish solutions, strategies, and examples for every environment, from single computers to enterprise-class networks.

Internet sites “fingerprint” users by secretly collecting browser info
A group of European researchers have released the results of their research into just how many of the most visited Internet websites track users without their knowledge with the help of “device fingerprinting”, and the answer is 145 out of 10,000.

Strengths and weaknesses of MS SmartScreen filter
Microsoft’s SmartScreen application control feature, introduced with Internet Explorer 8 and lately ported to Windows 8 is a good addition to the new OS. It might occasionally block a legitimate app from running, but it will also block many malicious ones, as well. That being said, SmartScreen has its limitations. In this podcast recorded at Virus Bulletin 2013, NSS Labs Research Director Randy Abrams talks about what the feature is good at and where it fails, and shares what other protection technologies do a good job picking up the slack.

WordPress security threats, protection tips and tricks
Robert Abela is a WordPress Security Professional and founder of WP White Security. In this interview he talks about the main WordPress security risks, offers tips for website owners on how to protect themselves, and much more.

Lavabit users allowed to access accounts and retrieve data
Lavabit’s Ladar Levison has announced that the users of his recently closed down email service will be able to briefly access their accounts so that they can retrieve their emails and any data that they lost in the shutdown.

Solving the dilemma of vulnerability exploitation disclosure
The subject of software and hardware vulnerability disclosure has been debate time and time again, but what about disclosure of information about the fact that vulnerabilities that are being exploited in the wild? What is the responsible thing to do then? In this podcast recorded at the Virus Bulletin 2013, Tom Cross from Lancope shares some insight into the things you should take into consideration when deciding on the best course of action.

Video: Hacking back and active defense
In this DerbyCon video, John Strand will demonstrate the Active Defense Harbinger Distribution, a DARPA funded, free Active Defense virtual machine. He will debunk many of the myths, outright lies and subtle confusions surrounding taking active actions against attackers. From this presentation, you will not only know how to take action against attackers, you will learn how to do it legally.

Convincing “Urgent Windows Error Fix” phishing email doing rounds
A pretty convincing email phishing campaign is targeting one of the largest user bases out there – those who use Microsoft’s Windows OS – by taking advantage of the recent problems that the company has been having with updates.

Lessons learned from sinkholing the ZeroAccess botnet
The ZeroAccess botnet is currently one of the largest one in existence, but its creators have recently received quite a blow when Symantec researchers managed to sinkhole nearly half a million of its bots. In this podcast recorded at the Virus Bulletin 2013, Candid W??est from Symantec shares details about their research into the malware, the sinkholing operation they executed, and the lessons they learned from it.

How CISOs get executive buy-in for security budgets
Most CISOs face significant challenges communicating the value of security in business terms, winning budget approval and planning for unanticipated expenses—and find benefits from conferring with and learning from the experiences and successes of their peers.

Apple’s iCloud protocols cracked and analyzed
In his presentation at the Hack in the Box Conference, co-founder and CEO of Russian password-cracking / recovery company ElcomSoft Vladimir Katalov has shared the results of their efforts in cracking and the discoveries they made by analysing Apple’s iCloud protocols, as well as those used for Windows Phone and BlackBerry backups.

Customizing defense models to reduce the window of exposure
In this podcast recorded at Virus Bulletin 2013, Andreas Lindh of I Secure talks about the technologies in use that are no longer enough, the effectiveness of patch management and the need for hardening, and the things every organization has to take into consideration when creating its customized defense model.

How to sniff local network traffic on an unrooted Android device
Google Play hosts a number of applications that focus on local network traffic sniffing for Android devices, but for the majority of them you would first need to root the device. I worked on a project where I needed a quick glance on what networking requests an Android application does in the background, so the easiest way was to setup a local sniffer on the device itself.

How meaningful are AV tests?
Dr. Richard Ford from the Florida Institute of Technology talks about his team’s attempt to conduct a meta-analysis of a month’s worth of anti-malware tests by using techniques commonly found in other disciplines, and shares the conclusions they drew from this research.