Web Security

OpenSSL Public Key Flaw Labelled Severe

Computer scientists say they’ve discovered a “severe vulnerability” in the world’s most widely used software encryption package that allows them to retrieve a machine’s secret cryptographic key. The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Read the full article. [The Register]

More details follow the news of the Spanish botnet Mariposa and its owners being caught. The Mariposa Working Group infiltrated the command-and-control structure of Mariposa to monitor the communication channels that relayed information from compromised systems back to the hackers who run the botnet. Read the full article. [The Register]

For years, leaders of the security industry have warned that passwords have outlived their usefulness. Users pick easy-to-crack passwords like the name of a dog or a favorite movie. They’re written on post-it notes and left sticking to the monitor for all to see. Multi-factor authentication — using more than one form of authentication to verify the legitimacy of a transaction via smart cards, tokens or biometrics, for example — is often held up as the alternative; an end to insanity. The reality is far less simple. Read the full article. [CSO]

An estimated 1.42 million adults in this country may have experienced some type of fraud involving theft of their medical identification information, a report from the Ponemon Institute claims. “The National Study on Medical Identity Theft” is based on findings from 156,000 people who agreed to discuss identity theft in general. Among those surveyed, 5.8% provided specific details about how they had been hit by medical ID theft. Read the full article. [Computerworld]

Authorities have smashed one of the world’s biggest networks of virus-infected computers (known as the Mariposa botnet), a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. Read the full article. [Associated Press]

Innovations in botnet technology threaten the usefulness of honeypots, one of the main ways to study how bot herders control networks of zombie PCs. Computer scientists led by Cliff Zou and colleagues at the University of Central Florida warn that bot herders can now avoid honeypots – unprotected computers outfitted with monitoring software – set up by security firms. Read the full article. [The Register]

A new report shows malware attacks through Web 2.0 applications continue to be the largest concern for IT professionals with 69% of organizations reporting at least one Web 2.0-related attack. Fourteen percent report data leakage over social networks and 18% indicate incidents occurring over social networks where disciplinary action was required. Read the full article. [Help Net Security]
