Sunday, March 28, 2010

A week in security: Firefox flaws and targeted Chinese attacks

It has been another busy week in security for V3.co.uk, with a raft of new products coming from major vendors, more interesting stats on the latest threats and some incidents certain parties would rather forget.

The Tories kicked off the week in fine fettle, setting up a web site aimed at embarrassing the Labour Party, but in the end it was they who were on the receiving end of a rather clever hack.

As Trend Micro senior security advisor Rik Ferguson explained, the Cash Gordon website was set up to collect any message posted on Twitter that contained the hashtag #cashgordon and republish it in a live stream in a widget on the home page of Cash Gordon.

“Obviously this was duly noted and passed around. It was soon discovered that if you tweeted HTML or JavaScript instead of standard messages, this content would be interpreted and rendered by the visitor’s browser as a legitimate part of the Cash Gordon site, allowing pranksters to redirect visitors to any site of the miscreant’s choosing,” he wrote.

“This latest in a line of social media marketing related fails is a salutary warning not to underestimate the technical know-how of the world wide audience you are inviting.”
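The flaw Ferguson describes comes down to placing tweet text into the page without output encoding. As an added example (not code from the Cash Gordon site or from this article; the function names and sample tweets are constructed for illustration), the following shows the vulnerable rendering pattern of a hashtag stream beside an encoded one:

```javascript
// Constructed sample data: tweets as a hashtag-stream widget might receive them.
const sampleTweets = [
  { user: "alice", text: "Reading the #cashgordon site" },
  { user: "bob", text: "<script>/* constructed markup */</script> #cashgordon" },
  { user: "carol", text: "unrelated post" },
];

const HASHTAG = "#cashgordon";

// Keep only tweets carrying the hashtag (case-insensitive match).
function selectTweets(tweets) {
  return tweets.filter((t) => t.text.toLowerCase().includes(HASHTAG));
}

// Vulnerable pattern: tweet text is concatenated into markup as-is,
// so any tags it contains become part of the page the visitor loads.
function renderStreamUnsafe(tweets) {
  return selectTweets(tweets)
    .map((t) => `<li><b>@${t.user}</b> ${t.text}</li>`)
    .join("\n");
}

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: every untrusted field is encoded before it reaches the markup,
// so tweeted tags are displayed as text instead of being interpreted.
function renderStreamSafe(tweets) {
  return selectTweets(tweets)
    .map((t) => `<li><b>@${escapeHtml(t.user)}</b> ${escapeHtml(t.text)}</li>`)
    .join("\n");
}
```

In a browser widget the same effect is achieved by assigning the tweet to `textContent` rather than `innerHTML`.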

Next up is Mozilla, which was forced to rush out an update to its Firefox browser to fix a known, critical security flaw. Version 3.6.2 was originally scheduled for release on 30 March.

There were red faces at Vodafone this week, as the firm was forced to admit the ‘isolated incidents’ of HTC handsets apparently shipping from its factories in Spain complete with Mariposa malware were not so isolated after all. Around 3,000 handsets are now thought to be affected.

Interesting stats again this month from Symantec Hosted Services, which found China to be the number-one source of email-borne targeted attacks of the sort Google suffered recently. Symantec also found the UK to be the most active country for phishing attacks, thanks in part perhaps to the availability of phishing toolkits on the web.

And now for some good news: Symantec and McAfee both released tools this week designed to protect firms from web-based attacks and data loss incidents. Symantec’s Web Security Monitoring service provides round-the-clock protection from browser and web application vulnerabilities, while McAfee Data Loss Prevention (DLP) will help to secure sensitive data on internal systems and removable storage media.

Finally, there was encouraging news from the US, as Twitter reported a massive drop in spam on the popular site in the past six months, while a proposed law being considered by senators could allow the US to impose sanctions against countries that fail to deal with online crime.
