Week in review: Cybercrime-as-a-service, Groklaw shutdown, Win8 unfit for govt computers
Posted on 26 August 2013.
Here's an overview of some of last week's most interesting news, reviews and articles:


Lucrative business: cybercrime-as-a-service
With the rise of cloud computing, small business owners are not just selling their goods and products online, but are increasingly selling their online services – giving rise to a number of ‘as-a-service’ businesses. While legitimate companies offer services such as ‘software-as-a-service’, ‘infrastructure-as-a-service’ and ‘platform-as-a-service’, this trend has fed down into illegal cyber trades.

New Zeus variant creates bogus Instagram accounts
If you are familiar with the results of a recently completed study on online content popularity, which concluded that "likes" beget "likes", the fact that people are willing to pay good money for fake Twitter, Instagram and Facebook followers, as well as for "likes" and "retweets", will not come as a surprise.

Lavabit owner risks arrest for not complying with surveillance order
When Ladar Levison, owner and operator of secure webmail service Lavabit, announced the shutdown of the service so that he didn't have to be "complicit in crimes against the American people", the decision came as a surprise to many.

LastPass bug leaks plain text passwords
Users of popular password manager LastPass have been advised to update to the latest version of the software, which incorporates a patch for a recently discovered bug that could allow attackers to retrieve stored LastPass passwords.

Scanning the Internet in less than an hour
Scanning the Internet used to be a task that took months, but a new tool created by a team of researchers from the University of Michigan can scan all (or most) of the allocated IPv4 addresses in less than 45 minutes using a typical desktop computer with a gigabit Ethernet connection. The tool is called ZMap, and its uses are many.

The erosion of privacy in the digital world
Yves Le Roux is the Technology Strategist at CA Technologies and Chair of ISACA’s Data Privacy Task Force. In this interview he discusses the evolution of the digital identity, the influence of politics on privacy, Google Glass, and much more.

ENISA analyzes major security incidents in the EU
The European Union Agency for Network and Information Security (ENISA) issued a new report providing an overview of the major outage incidents in the EU in 2012.

Groklaw shuttered because email is no longer safe
Since 2003, Pamela Jones - then a simple paralegal, now a journalist and editor - has covered legal news regarding free and open source software on her law blog Groklaw. Her website went on to win several awards and has been a point of reference for many - but no more. Comparing her feelings about the revelations of NSA surveillance and her inability to assure her sources' privacy to how violated she felt after a burglar ransacked her apartment years ago, she says that she doesn't know how to function or how to keep doing Groklaw in such an atmosphere.

Is evading an IP address block to access a website against the law?
A ruling in a lawsuit brought by Craigslist against ad indexing firm 3Taps has once again brought attention to the Computer Fraud and Abuse Act (CFAA), its vague wording, and the need to modernize it.

Analysis of Poison Ivy remote access tool
A new FireEye report highlights the resurgence of Poison Ivy, a malware Remote Access Tool (RAT) that has remained popular and effective eight years after its original release - attacking dozens of Fortune 1000 firms.

Miranda battles to have seized stuff back, Guardian details drive destruction
David Miranda, the partner of The Guardian reporter Glenn Greenwald, has employed UK law firm Bindmans LLP to inform the British Home Office that they will be challenging the legality of Miranda's recent detention at Heathrow under Schedule 7 of the Terrorism Act 2000.

Apple Dev Center was hacked via remote code execution bug
Apple's ever-expanding article crediting researchers for finding and reporting potential security issues in Apple's web servers has some new entries, and reveals that UK-based researcher Ibrahim Balic is not to blame for last month's outage of the Apple Developer Center.

League of Legends user account, credit card info compromised in breach
North American players of the popular League of Legends online game are advised to change their passwords as soon as possible, as a breach of Riot Games' servers resulted in the compromise of critical account information.

NSA surveillance system can listen to 75% of US Internet traffic
Current and former government officials who (predictably) don't want to be named have told WSJ reporters that while the NSA isn't legally allowed to spy on what US citizens are doing online, the agency's surveillance network is capable of reaching and rifling through some 75 percent of US Internet traffic when searching for foreign intelligence.

Bradley Manning gets 35 years in prison for leaking army documents
Bradley Manning, the 25-year-old former US intelligence analyst who has admitted to having leaked over 700,000 secret government documents to WikiLeaks, has been sentenced to spend 35 years in prison.

Simple Steps to Data Encryption
After last week's Practical Anonymity, here is another book by Peter Loshin that you might need in this new world of ours. It's a practical, hands-on guide about how to use GnuPG, a command line tool that allows you to protect your data and communications.

Ruling shows NSA misled the FISC about data collection volume and scope
A (redacted) FISA court opinion released yesterday by the US government has shown that in 2011, a judge of the Foreign Intelligence Surveillance Court (FISC) found that for three years, the NSA has been annually siphoning "tens of thousands of wholly domestic communications, and tens of thousands of non-target communications of persons who have little or no relationship to the target but who are protected under the Fourth Amendment."

Popular Windows downloader has secret DDoS capability
Unbeknownst to its users and perhaps even to its developers, the popular Windows download manager Orbit Downloader has been outfitted with a DDoS component.

Windows 8 shouldn't be used on government computers, say IT experts
Internal documents of the German Ministry of Economic Affairs perused by a reporter of news outlet Zeit Online show (via Google Translate) that IT professionals working for the government don't consider computers running Windows 8 secure enough for government and business use.

CyanogenMod announces secure phone locating, remote wiping service
The service will be accessible via the (optional) CyanogenMod Account and, according to the project's head moderator, is better than other similar solutions.

How encryption and tokenization help with cloud services adoption
Today’s CIOs and CISOs are facing continued pressure to adopt the cloud enterprise-wide while managing the increasing operational and security risks associated with it. While the challenge can be daunting, a new Gartner report highlights the role that encryption and tokenization technologies can play in helping enterprises adopt cloud services, even those in highly regulated industries or in regions with strict data sovereignty requirements.

Copyright 1998-2014 by Help Net Security.