Web Security

MiTM Attack Stealing Virtual Gold on WoW

Crooks have developed a man-in-the-middle-attack designed to circumvent authentication kit used by dedicated World of Warcraft gamers. The ruse relies on tricking gamers into installing Trojans disguised
as gaming ad-ons. Once applied the malware allows hackers to capture
and relay authentication commands next time a victim logs on to
Blizzard’s servers. Read the full article. [The Register]

P2P Networks Can Nab Private Medical Info

The personal health and financial information stored in thousands of
North American home computers may be vulnerable to theft through
file-sharing software, according to a research study published online
in the Journal of the American Medical Informatics Association. Read the full article. [ScienceDaily]

Buffer Overflow Flaw in Lotus’ iNotes

The Lotus iNotes ActiveX control for reading email from within a
browser contains a programming error which can result in a buffer
overflow. This could be exploited by an attacker to infect an iNotes
user with spyware on visiting a crafted web page. Read the full article. [The H Security]

A ring of ticket brokers has been indicted in connection to an elaborate hacking scheme that used bots and other fraudulent means to purchase more than 1 million tickets for concerts, sporting events and other events. The defendants made more than $25 million in profits from the resale of the tickets between 2002 and 2009. Read the full article. [Wired]

A German research team has now developed a true random number generator that
uses an extra layer of randomness by making a computer memory element,
a flip-flop, twitch randomly between its two states 1 or 0. Immediately
prior to the switch, the flip-flop is in a “metastable state” where its
behavior cannot be predicted. Read the full article. [ScienceDaily]

Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data. The break-in occurred between late October 2009 and January 2010, when it was finally discovered. This is the third data breach reported by Wyndham in the past year. Read the full article. [Computerworld]

Renukanth Subramaniam, 33, who had previously plead guilty was sentenced to 46 months for conspiracy to defraud and 10 months
for five counts of mortgage fraud, the terms to run consecutively. Also
sentenced was Darkmarket user John McHugh, 66, who had the sign in “Devilman” and created fake credit cards
that were sold through the site. Read the full article. [BBC News]

Japan’s “Cyber Clean Center” is a little-known effort by the Japanese Computer Emergency Response Team Coordination Center (JP-CERT) and a collection of 76 Japanese ISPs covering 90 percent of the nation’s Internet users to fight botnets and other security issues. Read the full article. [KrebsonSecurity]

Adobe has been in the security spotlight for some time now, and in an effort to give our readers a better perspective on the company’s efforts to improve the security of its products, Threatpost had a live chat with Brad Arkin, director of product security and privacy at Adobe, on Feb. 24.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.