Week in review: The danger of self-selected PINs, researchers break video CAPTCHAs, and the Consumer Privacy Bill of Rights
Week in review: The danger of self-selected PINs, researchers break video CAPTCHAs, and the Consumer Privacy Bill of Rights
Here’s an overview of some of last week’s most interesting news:
British student jailed for hacking Facebook
From his bedroom in the family home in York, Mangham managed to breach a Facebook webserver, the Facebook account of a company employee – which he then misused to access the company’s Mailman server and the Phabricator server used by Facebook’s developers.
Researchers break video CAPTCHAs, offer solutions
After creating the “Decaptcha” software to solve audio CAPTCHAs, Standford University’s researchers modified it and turned it against text and, quite recently, video CAPTCHAs with considerable success.
Syrian dissidents claim government uses malware to spy on them
According to the CNN and Dlshad Othman, a software engineer that joined the regime opponents and helps them with their IT security, two separate pieces of malware have been discovered after a slew of activists got their computers compromised.
Mozilla asks CAs in its root program to revoke all MitM certificates
Mozilla has sent an email to all the Certification Authorities participating in its root program asking them not to issue any more certificates for subordinate CAs which can be used to monitor encrypted data, and to revoke all such certificates they have already issued.
Microsoft says Google also bypassed IE’s privacy settings
Following the discovery that Google and other online advertising companies are bypassing Safari’s default “no tracking” settings with specific code inserted in their ads, Microsoft’s IE team wondered if they were doing the same with their browser. Unfortunately, the answer is yes, they do – or, at least, Google does.
Self-selected PINs aren’t that hard to guess
Wondering how easy to guess self-selected PINs are and failing to find any concrete study about the matter, a team of researchers from the University of Cambridge Computer Laboratory have set up to find the answer to that question for themselves.
Malware surpassed 75 million samples in 2011
McAfee released its latest threats report, revealing that malware surpassed the company’s estimate of 75 million unique malware samples last year. Although the release of new malware slowed in Q4, mobile malware continued to increase and recorded its busiest year to date.
Fake RIAA copyright violation notification serves malware
First spotted nearly a week ago, notifications of copyright violation supposedly sent by the Recording Industry Association of America are still hitting inboxes around the world.
Users don’t bother changing default passwords
Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords.
Indian govt to ask Yahoo, Google to route emails through servers in India
Web mail service providers such as Google, Yahoo, and others will be asked to route all emails accessed in India through servers located in the country – even if the mail accounts that receive and send them were registered outside it.
New Zeus/SpyEye makes bots function as C&C servers
The latest build of the Zeus/SpyEye malware shows a change that could very well hamper the security researchers’ ability to take down the botnets using it and to find out the criminals behind them.
FCC offers advice to ISPs for boosting network security
The Chairman of the Federal Communications Commission, an independent agency of the US government whose goals include public safety, says that Internet service providers should come up with a voluntary code of conduct aimed at keeping their customers and the Internet infrastructure safe from various threats.
White House announces Consumer Privacy Bill of Rights
As the privacy of Internet user seems to be eroding with every passing day and online companies can’t seem to guarantee them that their personal information will not be misused, the Obama Administration has stepped in to share their plane to protect privacy in this Internet age by adopting a Consumer Privacy Bill of Rights.
No skeleton key: Protecting your organization on the web
The pervasive nature of SSL and its unique role in securing e-commerce and numerous cloud services makes SSL attractive to security researchers and attackers alike. However, many of the lessons learnt are in no way specific to SSL and must be applied to other PKI and encryption deployments if we’re to avoid handing potential attackers a skeleton key to access our sensitive data or critical infrastructure.
10.8 million Android devices infected with malware
From 2010 to 2011, Android officially overtook Symbian as the most targeted mobile platform in the world by cyber criminals, according to NQ Mobile.
Bogus “Scan from a HP OfficeJet” notifications lead to malware
The campaign is widespread, and the subject lines and the content of the sent emails, as well as the name of the attached file, are constantly changed a little bit in order to try and bypass spam filters.