Web Security

2010: A Conficker Worm Odyssey

Researchers expect Conficker to get worse in the coming year in a number of specific ways, including the corruption of defensive systems, keylogging, DDoS, mass identity theft, and more. Read the full article. [Help Net Security]

Web Shopping Sites Get Independent Testing

U-Test has just completed a substantive, independent review of three major e-tailing sites – Amazon, Walmart and Target – and found a gaping cross-site scripting security hole in one of them. Read the full article. [The Last Watchdog]

New Mac OS Proof-of-Concept Attack Revealed

A security researcher has released a proof-of-concept attack that exploits critical vulnerabilities that Apple patched on Thursday; the vulns stem from bugs in the Java runtime environment that allow attackers to remotely execute malicious code. Read the full article. [The Register]

The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed. Read the full article. [Stars & Stripes]

Two Bulgarians have been sentenced for their roles in an online money-laundering scheme that collected about $1.2 million from U.S. residents and sent it to a criminal group in Eastern Europe, the U.S. Department of Justice said. Read the full article. [Computerworld]

A Cyber Forensics panel at the U.S. Spy Museum discussed data breaches and the effects one bad hacking event can have; the panel discussion included the CEO of Heartland Payment Systems, whose company was the victim of a very large, very publicized data breach in 2008. Read the full article. [Dark Reading]

Michael A. Roseboro, a/k/a “Mike Ross,” a/k/a “Michael Johnson,” a/k/a “Michael Smith,” was sentenced on November 25 to 116 months in prison for his participation in a massive identity-theft and credit card fraud scheme in which he targeted and stole the identities of at least 176 dentists. Read the full article. [DataBreaches.net]

A consortium of cybersecurity researchers from MIT, Purdue and Carnegie Mellon was announced in Washington D.C. with the stated goal of collaborating on cybersecurity research, including 10 projects, one of which is the development of an Internet-scale model on which to perform constrained experiments not possible on the live Internet. Read the full article. [TechTarget]

Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with “password” and “123456” being the most common. Read the full article. [Security Focus]
