Week in review: LinkedIn, Hotmail security flaws, Chrome apps with dangerous permissions and the evolution of Mac fake AV
Here’s an overview of some of last week’s most interesting news:
1.5 billion smart credentials to ship
The increasing use of smart cards and biometric capture has changed the way government and healthcare citizen ID documentation is viewed, managed and deployed.
40% of IT staff could wreak havoc to your network
A survey showed that 40% of IT staff admit that they could hold their employers hostage – even after they’ve left for other employment – by making it difficult or impossible for their bosses to access vital data by withholding or hiding encryption keys.
iPhone 5 spam run leads to malware
The date of the release of iPhone 5 is still unknown, but that doesn’t stop malware peddlers from using it to lure in Apple fanatics.
iPhone hardware encryption investigated
ElcomSoft researchers were able to develop a toolkit to not only extract all relevant encryption keys from iPhone devices running iOS 4, but to make use of those keys to decrypt iPhone file system dumps.
The rise of layered fraud prevention
By 2014, 15 percent of enterprises will adopt layered fraud prevention techniques for their internal systems to compensate for weaknesses inherent in using only authentication methods, according to Gartner.
US communications privacy law in for a change?
U.S. Senator Patrick Leahy, one of the authors of the ECPA, deems that the time has come to change that provision and has proposed an amendment to that law to the U.S Senate.
LinkedIn security flaws allow account hijacking
LinkedIn users are in danger of having their their account hijacked when accessing it over insecure Wi-Fi networks or public computers, says independent security researcher Rishi Narang, and it’s all due to session and authentications cookies with an unnaturally long lifespan and LinkedIn’s failure to remove them once the user logs out.
Spammers establish their own fake URL-shortening services
For the first time ever, spammers are establishing their own their own fake URL-shortening services to perform URL redirection, according to Symantec.
Hotmail flaw allows attackers to exfiltrate emails
The analysis of a recent targeted attack against webmail users has led Trend Micro researchers to discover a vulnerability in Microsoft’s Hotmail webmail service that allowed attackers to siphon contact details and email messages from the victims’ accounts.
Fake VirusTotal site serves malware
VirusTotal – the popular free file checking website – has been spoofed by malware peddlers.
Program defeats audio CAPTCHAs, researchers learn how to improve it
A group of researchers from Stanford University’s Security Laboratory has managed to build a computer program able to solve audio CAPTCHAs, reported the University on its site
Comodo Brazil breached, sensitive data leaked
Hackers have managed to exploit a flaw in the company’s Brazil website and have managed to get their hands on the database containing information about Comodo’s SSL certificate customers and certificate authorities.
Apple acknowledges Mac Defender existence, gives removal instructions
It took a while for Apple to react properly to the onslaught of Mac Defender and similar fake AV aimed at Mac users, but they finally did it.
Spam not the problem it once was
The vast majority of users receive fewer than 10 spam emails per day.
How banks use Twitter to combat fraud
With phishing attacks hurting the credibility of email communications, forward thinking banks are turning to social media as the best channel to warn customers of scams and attacks.
35 million Google Profiles collected into private database
During the course of one month, a Ph.D. student of the University of Amsterdam has managed to create a database containing all Google Profiles – some 35 millions of them.
New Mac Defender variant doesn’t need your admin password
There is a new variant of the Mac Defender rogue AV out there, and this one doesn’t require users to enter the administrator password in order to install the program, warns security firm Intego.
Apps with dangerous permissions pulled from Chrome Web Store
The Android Market has already been found offering “trojanized” apps, and now the Chrome Web Store has been spotted offering two popular game extensions that request potentially dangerous permissions of users that want to install them.
The resurrection of the Mariposa botnet
When the news that the Spanish police arrested the three individuals suspected of running the Mariposa botnet was made public back in March 2010, it was generally thought that it might be the end of the line for one of the largest botnets ever reported on record.