31 January 2010 · Top IT Security Risk stories of the week · Categories: Top Stories

Due to time constraints this week, I'm doing a new type of post. Rather than commenting on the stories I find most interesting, I am posting a list of stories I found interesting but without commenting. For each one, I provide the headline linked to the story and the first paragraph or two of the story so you can decide if it's worth reading in its entirety.

Monday, January 25, 2010

What's Your DEP and ASLR Status? If you recall, Google says they were attacked by hackers based in China using a zero-day vulnerability in Internet Explorer. That vulnerability affected almost all versions of IE, but on systems where the system-wide defenses DEP and ASLR were in effect the attack was mitigated.
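As an added example (not part of the original post or of the linked story), the Python below parses just enough of a PE header to answer the headline's question for a given binary: whether the image opts into DEP (the NX_COMPAT DllCharacteristics bit) and whether it can actually be randomized by ASLR (the DYNAMIC_BASE bit, and relocations not stripped from the COFF header). The header-only images it builds are constructed for illustration and are not real executables. Two caveats a practitioner would want: the per-image flag is only half the picture, because DEP can be enforced or disabled machine-wide (the AlwaysOn/AlwaysOff boot settings) and a process loses the benefit of ASLR if it loads any module that was not built with DYNAMIC_BASE; and ASLR only exists on Windows Vista and later, so an IE6 instance on Windows XP, as in the Aurora case, gets none regardless of what the flags say.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with high-entropy addresses (PE32+ only)
DYNAMIC_BASE = 0x0040     # image may be rebased at load time (ASLR opt-in)
NX_COMPAT = 0x0100        # image declares itself DEP-compatible
# IMAGE_FILE_* bit from the COFF file header
RELOCS_STRIPPED = 0x0001  # no .reloc data, so the loader cannot rebase it


def mitigation_flags(image: bytes) -> dict:
    """Report the DEP/ASLR opt-in state recorded in a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = pe_off + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, _nsect, _ts, _symtab, _nsym,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    if opt_size < 72 or len(image) < opt + 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                           # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    (dllchars,) = struct.unpack_from("<H", image, opt + 70)
    relocs_stripped = bool(characteristics & RELOCS_STRIPPED)
    return {
        "pe32plus": magic == 0x20B,
        "dep": bool(dllchars & NX_COMPAT),
        # DYNAMIC_BASE without relocation data is an empty promise
        "aslr": bool(dllchars & DYNAMIC_BASE) and not relocs_stripped,
        "high_entropy_va": magic == 0x20B and bool(dllchars & HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
    }


def build_minimal_pe(dll_characteristics: int, coff_characteristics: int = 0,
                     pe32plus: bool = False) -> bytes:
    """Construct a header-only PE image (no sections, not loadable) for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # PE signature at 0x40
    magic = 0x20B if pe32plus else 0x10B
    opt_size = 240 if pe32plus else 224                       # standard sizes
    machine = 0x8664 if pe32plus else 0x14C                   # AMD64 / I386
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, coff_characteristics)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


def describe(name: str, image: bytes) -> str:
    """One-line human-readable verdict, as a status check script would print it."""
    f = mitigation_flags(image)
    return "%-24s DEP=%-5s ASLR=%-5s%s" % (
        name, f["dep"], f["aslr"],
        " (DYNAMIC_BASE set but relocations stripped)" if f["relocs_stripped"] else "")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                                     # real file from disk
        with open(sys.argv[1], "rb") as fh:
            print(describe(sys.argv[1], fh.read()))
    else:                                                     # constructed samples
        print(describe("hardened.exe", build_minimal_pe(NX_COMPAT | DYNAMIC_BASE)))
        print(describe("legacy.exe", build_minimal_pe(0)))
        print(describe("norelocs.exe", build_minimal_pe(DYNAMIC_BASE, RELOCS_STRIPPED)))
```

Run it with a path to any Windows binary to get a one-line verdict; without arguments it runs over the three constructed header images. Checking loaded modules the same way (every DLL in the process, not just the main image) is how you find the one non-ASLR module an exploit will pivot through.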

Flaws in the 'Aurora' Attacks  The attackers who unleashed the recent wave of targeted attacks against Google, Adobe, and other companies made off with valuable intellectual property and source code, shocking the private sector into the reality of the potential threat of state-sponsored cyberespionage, but they also made a few missteps along the way that might have prevented far worse damage.

Tuesday, January 26, 2010

'Aurora' code circulated for years on English sites; Where's the China connection?  An error-checking algorithm found in software used to attack Google and other large companies circulated for years on English-language books and websites, casting doubt on claims it provided strong evidence that the malware was written by someone inside the People's Republic of

Aurora-style attacks swiped oil field data from energy giants; Social networks implicated in planning Google assault   At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.

Targeted attacks against Marathon Oil, ConocoPhillips, and ExxonMobil took place in 2008 and followed the same pattern as the later Aurora assaults. Information harvested by the attacks included "bid data" that gave information on new energy discoveries, according to documents obtained by the Christian Science Monitor.

Wednesday, January 27, 2010

Hydraq (aka Aurora) attack's resiliency uncovered   Security researchers continue to peel back the layers on the Trojan.Hydraq aka Operation Aurora attacks first reported publicly earlier this month, and the techniques employed by the threat to stay alive on infected machines were apparently neither cutting-edge nor particularly sophisticated.

According to researchers with Symantec, who've published a series of blogs examining various technical elements of the Trojan.Hydraq campaign, the attack used methods commonly observed in other malware programs to remain alive inside of the organizations it infiltrated and to restart after a system reboot.

Cost of data breaches increased in 2009; Ponemon Institute research says malicious attacks are the most costly breaches   The cost of data breaches continues to rise, and malicious attacks accounted for more of them in 2009 than in previous years, according to a study published today.

In conjunction with study sponsor PGP Corp., Ponemon Institute today released the results of its fifth annual "U.S. Cost of a Data Breach" report. The news isn't good, according to the research firm's founder, Larry Ponemon.

Personal data stolen? Don't count on being told promptly  Andrea Rock of Consumer Reports highlights one of the findings of the new Ponemon report: Not only are data breaches from criminal attacks on U.S.-based companies' financial and customer data on the rise, but your odds of being promptly informed if you're a breach victim aren't very high, according to a new data breach report just released by the Ponemon

The rise of point-and-click botnets  This post highlights a graphic from Team Cymru, a group that monitors and studies online attacks and other badness in the underground economy. It suggests an increasing divergence in the way criminals are managing botnets, those large amalgamations of hacked PCs that are used for everything from snarfing up passwords to relaying spam and anonymizing traffic for the bad guys, to knocking the targeted host or Web site offline.

Where art thou conficker?  Researchers noted this week that the buzzworthy Trojan.Hydraq campaign that was used to hack Google and some other tech giants employed some of the same techniques used by our dear old pal Conficker to remain resident on infected PCs. Which causes one to ponder, what happened to this attack which a year ago captured the interest of so many people for some particular

Thursday, January 28, 2010

Haiti spam leads to new malware  As rescue efforts continue in Haiti, the world waits with bated breath for more good news about survivors. Unfortunately, while most people are thinking of ways to help victims, cybercriminals are using the tragedy to further their own malicious causes. Blackhat search engine optimization (SEO) poisoning attacks related to this tragedy have already led to FAKEAV infections. However, the most recent FAKEAV run appears to be only the start of more Haiti-related malware attacks.

Friday, January 29, 2010

The state of computer security in the UK  eSecurity Planet reports: British security consulting firm 7Safe and the University of Bedfordshire have released the UK Security Breach Investigations Report 2010, which looks at the current state of computer security in the UK through an analysis of actual data breaches.

Key findings include the fact that 69 percent of data compromises occurred in the retail sector, 85 percent of cases resulted in stolen payment card information, and SQL injection was used in 60 percent of

Simmering over a 'Cyber Cold War'  New reports released this week on recent, high-profile data breaches make the compelling case that a simmering Cold War-style cyber arms race has emerged between the United States and China.

A study issued Thursday by McAfee and the Center for Strategic and International Studies found that more than half of the 600 executives surveyed worldwide said they had been subject to "stealthy infiltration" by high-level adversaries, and that 59 percent believed representatives of foreign governments had been involved in the attacks.

Here is a link to another story about the above mentioned McAfee survey.

CIA, PayPal under bizarre SSL assault   The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that's bombarding their websites with millions of compute-intensive requests.

The "massive" flood of requests is made over the websites' SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.

Saturday, January 30, 2010

A tad too late, Google begins phase-out of IE6  Not long after a Google employee running Internet Explorer 6 was hacked, creating an international incident, Google has announced that it will begin withdrawing support for IE6 in its own services.

New security features in Google Chrome  Google has announced a number of security enhancements that are being implemented in Chrome. Some have already been implemented in other browsers, including Firefox and IE and in significant add-ons like NoScript.