DHS Thinks Some SCADA Problems Are Too Big To Call “Bug”

The Stuxnet worm may be the most famous piece of malicious software ever written. When it was first detected, a little over a year ago, the worm sounded a warning to nations around the world that critical infrastructure systems were potential targets of attack for foreign governments and cyber criminal organizations alike. But with the anniversary of the Stuxnet worm’s discovery just past, the Department of Homeland Security admits that it is now reevaluating whether it makes sense to warn the public about all of the security failings of industrial control system (ICS) and SCADA software. 

British VPN Service Defends Role in Lulzsec Bust

British virtual private network (VPN) company Hide My Ass has taken a stand about their involvement in the arrest of an alleged Lulzsec member last week. In a blog post published on Friday, the company reiterated that they keep logs of their users’ history for 30 days and they will cooperate with law enforcement agencies if it’s become evident certain accounts have been used for illegal activites.

MySql.com Site Hacked, Was Serving Malware

The main Web site of MySql.com has been compromised and on Monday afternoon was serving malware to visitors for a short time through the use of JavaScript redirects. The site, which is owned by Oracle, was sending victims off to a remote site that is using the BlackHole exploit kit to install malware on their machines.

The Alureon rootkit has become not just a major headache for its victims, with its insidious infection routines and persistence once on a machine. But it also has proved to be a challenge for researchers engaged in trying to identify new versions and unwind its new tactics and techniques. The latest hurdle thrown up by Alureon is the use of steganography to hide configuration files to update infected machines with new instructions.

The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. But it’s not just SSL that’s the problem; it’s the slow accumulation of security problems in the key protocols and systems on which the Internet–and much of our world–rely that has become the real issue.

The FBI continued its pursuit of members of the hacking group LulzSec on Thursday, arresting a 23 year old Phoenix, Arizona man believed to be part of an online hacking crew that attacked systems belonging to Sony Pictures, the Bureau said in a statement Thursday.

Microsoft officials are seeking to assuage concerns that its implementation of UEFI in Windows 8 will prevent users from loading non-Microsoft operating systems or applications on their machines. Despite concerns raised by security researchers and open-source advocates about vendor lock-in and other issues arising from the use of a secure boot sequence in the upcoming OS, Microsoft says “the customer is in control of their PC.”

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.