Cryptography


Wells Fargo, BoA Cited For Lax Mobile App Security

Days after publishing a report on serious security lapses in the PayPal mobile payments application for the iPhone, a Chicago firm has released an analysis that finds similar problems in mobile banking applications by Bank of America and Wells Fargo.

To Combat Firesheep, Microsoft’s Bing Looking Into SSL

Microsoft’s Bing is looking into SSL and other privacy settings for the next version of its search engine. Currently, the site strips SSL when forced into HTTPS, which in turn brings up a browser advisory signaling an unsafe connection.

Introduced at Toorcon, the Firefox extension allows attackers to capture site cookies from users on unsecured wireless networks and browse under their logon.


TORONTO–If the spate of vulnerabilities and sophisticated attacks against browsers in the last couple of years has done nothing else, it’s certainly shown just how vulnerable users are as they go about their daily business on the Web. In a talk at the SecTor conference, a researcher showed several methods for combining a variety of new and existing attacks that can not just compromise users’ Web accounts but also allow attackers to use that information to extend their attacks in a number of directions.

With bank fraud and attacks against financial institutions and online banking applications having turned into an epidemic, researchers, banks and other concerned parties have been looking for new ways to protect the integrity of financial transactions. A researcher at the University of Cambridge working on the problem has developed a new device that can act as a trusted intermediary to ensure the validity of electronic transactions.

The last 10 years have seen a great number of advancements in the sophistication and usability of strong encryption programs, and many people now use encrypted messaging services by default. This has made it much simpler for people to keep their private thoughts and data private and secure, and now the government is working diligently to roll back all of that progress with a naive, ill-conceived effort to cripple secure communications networks in the name of national security.

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone. Read the full article. [The New York Times]

A Long Beach, California man who helped funnel stolen cash to a global network of hackers and carders was sentenced Thursday to 6 years in prison for conspiracy to launder money. Cesar Carranza, 38, sold MSR-206s to carders to encode stolen bank card data onto blank cards, and he served as a conduit to transmit stolen money between mules and carders. Read the full article. [Wired]