Reusable Code: The Mason Jars of Security

Guest editorial by David Mortman. It’s early fall here in Ohio, which means it’s time for the second round of canning for the winter. So last weekend my kitchen was covered in bushels of apples, pounds of greens and a whole lot of canning jars. As you know by now, I love to cook and I love a well-designed kitchen tool. Mason jars in particular make me extremely happy. They were invented in 1858 and fundamentally haven’t changed in the subsequent 150 years.

An Inside Look at Botnet Chasers

They’re the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here’s an inside look at the battle against cybercrime’s weapons of mass infection. Read the full article.

A critical vulnerability in the Wikipedia Toolbar extension for Firefox has been discovered that can be exploited by an attacker to compromise a victim’s system. According to the Secunia report, the problem is caused by the application passing unvalidated input to a call to eval(), which can be exploited to execute arbitrary JavaScript code.
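The vulnerability class named above, unvalidated input reaching eval(), is easiest to see side by side with its fix. The following is an added example, not code from the Secunia report or from the Wikipedia Toolbar extension: the "remote settings" scenario, the settings field names, and the sample inputs are all constructed assumptions for the illustration.

```javascript
// Added example (not from the Secunia advisory or the Wikipedia Toolbar
// source). The scenario, field names and inputs below are constructed.

// Vulnerable pattern: text from an untrusted source (here a constructed
// "remote settings" response) is handed straight to eval(). Anything the
// sender embeds runs as code inside the extension's privileged context.
function loadSettingsVulnerable(untrustedText) {
  return eval("(" + untrustedText + ")"); // attacker-controlled text executes
}

// Hardened pattern: parse the text as data, never as code, then validate
// every field against an allow-list instead of trusting whatever arrived.
const ALLOWED_LANGS = new Set(["en", "de", "fr"]); // assumed supported languages

function loadSettingsHardened(untrustedText) {
  let parsed;
  try {
    parsed = JSON.parse(untrustedText); // data only: no expressions, no calls
  } catch (e) {
    return null; // reject anything that is not well-formed JSON
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return null;
  }
  const lang =
    typeof parsed.lang === "string" && ALLOWED_LANGS.has(parsed.lang)
      ? parsed.lang
      : "en";
  const maxResults =
    Number.isInteger(parsed.maxResults) &&
    parsed.maxResults > 0 &&
    parsed.maxResults <= 50
      ? parsed.maxResults
      : 10;
  return { lang, maxResults };
}

// Constructed sample inputs: one benign, one carrying an expression where a
// value belongs. The expression only sets a marker so the side effect is
// observable; under eval() it runs, under JSON.parse() it is rejected.
const BENIGN = '{"lang": "de", "maxResults": 20}';
const HOSTILE = '{"lang": (globalThis.settingsProbe = "executed", "de"), "maxResults": 20}';
```

The difference is that JSON.parse() can only ever yield data, so validation happens on a value rather than on a string that has already been executed; the allow-list then bounds what the extension will act on even when the data is well-formed.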

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. Read the full article.

The recent ACM Cloud Computing Security Workshop in Chicago was devoted specifically to cloud security. Speakers included Whitfield Diffie, a cryptographer and security researcher who, in 1976, helped solve a fundamental problem of cryptography: how to securely pass along the “keys” that unlock encrypted material for intended recipients. Diffie, now a visiting professor at Royal Holloway, University of London, was until recently a chief security officer at Sun Microsystems. He sat down with Technology Review’s chief correspondent. Read the full article. [Technology Review]

A hacker has broken into the Nebraska Worker’s Compensation database, prompting an FBI investigation and an effort to contact those who may be affected. Several thousand people could be affected by the breach, which was discovered last week when the state’s chief information officer noticed an unusual amount of Internet traffic traversing the Worker’s Compensation courts server. Read the full article.

U.K. police are hailing the sentencing of four people who used a sophisticated Trojan horse program to siphon money out of online bank accounts. The men used a Trojan horse program called PSP2-BBB that executed a so-called man-in-the-browser attack when potential victims logged into online bank accounts. The Trojan would insert a special page within the customer’s browsing session asking for more personal information, according to police. Read the full article. [IDG News]

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet’s DNS, making it easier for hackers to launch DDoS attacks against their victims. According to research, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an “open recursive” or “open resolver” system. Read the full article. [InfoWorld]
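The “open resolver” condition above comes down to one question: does the device answer recursive queries for sources outside its own network? The following is an added example, not code from the InfoWorld article or from any resolver vendor: the configuration object, the list of internal networks, and the query-log line format are assumptions constructed for this illustration. It checks a resolver configuration for the open condition and runs the same network test over constructed log lines to flag recursive queries arriving from outside.

```javascript
// Added example (not from the InfoWorld article). The config shape, the
// internal-network list and the log-line format below are constructed.

// Networks from which a home or small-office resolver should legitimately
// accept recursive queries: its own LAN ranges (RFC 1918) and loopback.
const INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"];

// Dotted-quad IPv4 to unsigned 32-bit integer; rejects malformed input.
function ipToInt(ip) {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error("bad IPv4 address: " + ip);
  }
  return ((parts[0] << 24) >>> 0) + (parts[1] << 16) + (parts[2] << 8) + parts[3];
}

// True if ip falls inside cidr (e.g. "192.168.0.0/16"). A /0 matches all.
function inCidr(ip, cidr) {
  const [net, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  if (bits === 0) return true;
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

// A CIDR counts as internal only if it lies entirely inside one of the
// internal ranges: its prefix must be at least as long, and its network
// address must fall inside that range.
function isInternalNet(cidr) {
  const [net, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  return INTERNAL_NETS.some((internal) => {
    const internalBits = Number(internal.split("/")[1]);
    return bits >= internalBits && inCidr(net, internal);
  });
}

// Constructed config shape: { recursion: bool, allowRecursionFrom: [cidr] }.
// The resolver is "open" if recursion is on and any permitted source network
// reaches beyond the internal ranges (0.0.0.0/0 being the common mistake).
function isOpenResolver(cfg) {
  if (!cfg.recursion) return false;
  return cfg.allowRecursionFrom.some((cidr) => !isInternalNet(cidr));
}

// Constructed query-log format: "src=<ip> qname=<name> qtype=<type> rd=<0|1>",
// where rd=1 means the client set the Recursion Desired flag.
function parseQueryLine(line) {
  const fields = Object.fromEntries(line.trim().split(/\s+/).map((kv) => kv.split("=")));
  return { src: fields.src, qname: fields.qname, qtype: fields.qtype, rd: fields.rd === "1" };
}

// Recursive queries from outside the allowed networks are what an abused
// open resolver sees; any hit here means the device is answering strangers.
function externalRecursiveQueries(lines, allowedNets = INTERNAL_NETS) {
  return lines
    .map(parseQueryLine)
    .filter((q) => q.rd && !allowedNets.some((n) => inCidr(q.src, n)));
}

// Constructed sample log: one LAN client, two external sources with RD set,
// and one external non-recursive query that should not be flagged.
const SAMPLE_LOG = [
  "src=192.168.1.20 qname=example.org qtype=A rd=1",
  "src=203.0.113.7 qname=example.com qtype=ANY rd=1",
  "src=198.51.100.9 qname=example.net qtype=TXT rd=1",
  "src=198.51.100.9 qname=router.home qtype=A rd=0",
];

const OPEN_CONFIG = { recursion: true, allowRecursionFrom: ["0.0.0.0/0"] };
const CLOSED_CONFIG = { recursion: true, allowRecursionFrom: ["192.168.1.0/24", "127.0.0.0/8"] };
```

The configuration check is the preventive control (restrict recursion to the local network, or disable it on a device that only needs to forward); the log filter is the detective one, and on a correctly configured device it should return nothing.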

The same-origin policy vulnerability in Adobe Flash that was disclosed last week by a researcher at Foreground Security is more serious than a simple software flaw, experts say. It illustrates a fundamental flaw in the way Flash objects are handled by Web servers and Web browsers alike, leading to a serious weakness on both ends of the Internet communication channel.
