Week in review: Stratfor breach, brute-forcing WAPs and an analysis of Facebook attacks
Here’s an overview of some of last week’s most interesting news:
What’s in store for us in 2012
Looking forward into what lies ahead for us in 2012, Zscaler offers predictions for the upcoming threat landscape.
Anonymous targets security think tank, pilfers sensitive data
The hacking collective Anonymous has downed the website and stolen client information belonging to Stratfor (Strategic Forecasting Inc.), a US-based research group that gathers intelligence and produces political, economic and military reports that help government organizations and major corporations assess risk.
Pentagon officials allowed to use Android
US Department of Defense officials who need a mobile device are no longer restricted to using a BlackBerry – the Pentagon has now also allowed the use of Android, but only if it runs on Dell hardware, and only if it’s version 2.2 of the mobile platform.
SCADA and PLC vulnerabilities in correctional facilities
Many prisons and jails use SCADA systems with PLCs to open and close doors. Using original and publicly available exploits, and evaluating vulnerabilities in electronic and physical security designs, researchers discovered significant vulnerabilities in PLCs used in correctional facilities and were able to remotely flip the switches to “open” or “locked closed” on cell doors and gates.
A Bug Hunter’s Diary
Working on software development projects comes with great responsibility, as system owners expect stable, performant and, above all else, secure software systems to be delivered to them. This book teaches readers how to develop the necessary skills and the right mindset to discover, analyze and fix security-related bugs in their software.
Analysis of Facebook attacks
Commtouch published a comprehensive analysis of scores of malicious Facebook activities during the past year.
Brute-forcing wireless access points made easy
A design flaw in the WiFi Protected Setup that can allow attackers to easily brute-force their way into wireless network devices has been discovered and made public by Austrian information security student and researcher Stefan Viehböck.
Data-stealing Android Trojan masquerades as greeting-sending app
Text messages have largely replaced seasonal (and non) greeting cards, and there are mobile apps out there that let you send prewritten witty/sweet messages to friends and family. But there are also some that pretend to do that, and F-Secure researchers have recently spotted a Trojan targeting Chinese Android users that masquerades as just that type of app.
Microsoft releases MS11-100 for ASP.NET DoS attack
Today Microsoft released a security bulletin addressing a flaw in ASP.NET that was disclosed at the Chaos Communication Congress (CCC) in Berlin.