Weekly Rewind – Top Industry News, ExploitSearch, DNSChanger, & More…

April 26, 2012
By

Post to Twitter Post to Facebook Post to Reddit

Icon of Rewind ButtonIf you missed anything or happened to be offline this past week, we hope you find this post useful as a quick reference. For those readers that may not have noticed, I actually tack on a bit of commentary to some the industry articles – so check out my italicized/bolded opinions and let me know if you agree in the comments.

A la Schneier … you can also use this rewind post to talk about the security stories in the news that I haven’t covered.

Industry Articles

Alan Turing Papers on Code Breaking Released by GCHQ: Two 70-year-old papers by Alan Turing on the theory of code breaking have been released by the government’s communications headquarters, GCHQ. It is believed Turing wrote the papers while at Bletchley Park working on breaking German Enigma codes. (continued here) (@grecs: Love older crypto historical stuff like this.)

MD Becomes First to OK Password Protection Bill: Maryland is poised to become the first state that bans employers from demanding applicants or workers hand over their log-in information for social media sites like Facebook. The measure, …, keeps companies from snooping on password-protected content, … (continued here) (@grecs: Nice to see a local state blazing the trail in this area. I see other states following shortly.)

Iran Cuts Off Internet Access to Oil Refineries Following Malware Attack: Iran’s Ministry of Oil has cut off Internet access to six oil refineries following an apparent cyber attack targeting their networks, it was widely reported on Monday. Representatives of the ministry said it has formed a “crisis committee,” according to BBC Persian, citing Mehr News. (continued here) (@grecs: We’ve yet to see the outcome of this but it’ll be interesting to follow.)

Investigation Reveals Serious Cloud Computing Data Security Flaws: A UK security company has revealed the long-awaited details of a research study involving four cloud service providers (CSPs) that pinpointed serious cloud computing data security problems, including the ability for customers, in some cases, to access each others’ stored data. (continued here) (@grecs: Fascinating research regarding “dirty data” left behind. This could the first major chink in the underlying cloud architecture.)

Backdoor in Mission-Critical Hardware Threatens Power, Traffic-Control Systems: In the world of computer systems used to flip switches, open valves, and control other equipment inside giant electrical substations and railroad communications systems, you’d think the networking gear would be locked down tightly to prevent tampering by vandals. (continued here) (@grecs: Looks like some “debug” code was left in. Oops…)

Our Blog Posts

FBI Rolls Eyes to Prevent Internet Outage: We’ve discussed this topic before in our “Operation Deadline Extension” article but in the month since that post, it seems a significant number of bots are still reporting into the two temporary DNS servers the FBI setup to keep DNSChanger Trojan-infected computers from losing Internet access. First off, they wouldn’t be loosing Internet access … just the ability to translate domain names into IP addresses. But that’s a nit as it’s essentially the same thing from the average users’ perspective. (continued here)

What Apple Malware Grace Period?: On Friday Forbe’s columnist Andy Greenberg wrote a very interesting piece entitled “Cybercrime Game Theory: Why Apple’s Malware Grace Period Ended Early.” In it he discusses how SourceFire researcher Adam J. O’Donnel used Game Theory to predict the market share at which Macs would have to achieve in order for it to be worthwhile for cyber criminals to start attacking the Mac platform. This research occurred almost four years ago and that percentage was 16%. (continued here)

It’s “Cyber Week” in Washington: I’m not too much of a politics sort of guy but several headlines caught my attention for this upcoming week. Being a suspicious person … many of these bills often sound good on the surface but I often question the true motives behind each. Maybe there are no motives and people are just trying to make the world a better place … but more than likely they aren’t. But that’s how our government runs and I guess we have to take the good with the bad. Here’s a quick run-down of all the bills being looked at this week: (continued here)

Poll: Is New Cyber Legislation Needed?: In honor of this week informally being called “Cyber Week” with all the legislation up for grabs on the hill as discussed yesterday, we thought it would be an appropriate topic for this weeks survey. As mentioned yesterday the bills we’ve come across that are being voted on this week include the following. Cyber Intelligence Sharing and Protection Act (CISPA); Federal Information Security Amendments Act (FISCAM); Cybersecurity Enhancement Act; and Advancing America’s Networking and Information Technology Research and Development Act (continued here)

ExploitSearch.net – The Exploit Metasearch: I was searching around looking for a solution on changing my Apple Remote’s default settings and was particularly interested in knowing if someone could use it’s out-of-the-box settings to perform nefarious activities. I couldn’t find anything but during my search I came across a great site called ExploitSearch.net. I remember hearing about this website before on one of the many podcast I listen to but never really had time to check it out. I was thinking that it was just a Google Custom Search but this assumption is definitely not the case according to their FAQ. (continued here)

#####

Hope everyone had a wonderful week. Have a great weekend! See ya!

Leave a Reply

Your email address will not be published. Required fields are marked *


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.