Weekly brief, December 21, 2009

The SAFE Web Act is working, according to a report from the Federal Trade Commission. The Act allows the FTC to work across borders with foreign law enforcement agencies.

TJX hacker Albert Gonzalez was working with Russian accomplices to carry out his crimes. The information was revealed in a digital document that had been incorrectly redacted, allowing others to read the information. Gonzalez was also involved in the Heartland Payment Systems data breach, for which Heartland has just agreed to pay American Express $3.6 million in damages.

Malware peddlers are now using Google's frequently-altered front-page graphic to direct victims to their wares. They are using search engine optimization techniques to get poisoned results into the set delivered when victims click on the graphic. Visitors to the search engine giant's graphic commemorating the inventor of the language Esperanto received pages half-filled with poisoned results, said reports.

The poisoned Google results were touting rogue anti-virus malware. Rogue AV vendors have grown better than ever at copying the user interfaces offered by legitimate products, according to an analysis by Kaspersky researchers.

The Cloud Security Alliance unveiled the latest version of its cloud security guidance, just as Sun Microsystems announced a collection of cloud security products. These include the Cloud Safety Box, which enables administrators to encrypt and split content stored in the cloud, and its Security Enhanced Virtual Machine Images, which ship with security features such as non-executable stacks enabled by default.

SRI International has published a report on the Ikee.B iPhone botnet that provides extensive detail on its inner workings.

Twitter's website was temporarily redirected to a site operated by Iranian hackers, after its DNS records were compromised.

Pennsylvania State University warned that up to 261 social security numbers may have been compromised after one of its computers was infected with malware.

What’s hot on Infosecurity Magazine?