Weekly Brief - July 6 2009

Techniques

Usability expert Jakob Nielsen and BT chief security technology officer Bruce Schneier argued that websites should stop masking passwords when they are entered, suggesting that it offers no security benefits. Schneier told the site Outlaw.com that shoulder surfing was "largely a phantom problem". Other experts such as Graham Cluley of Sophos disagree.

Tools

Anti-virus firm AVG might well be working on a Mac version of its software. And at Black Hat in Las Vegas later this month, researchers will demonstrate a forensics tool to help investigators trace attacks using a payload contained in HD Moore's Metasploit framework. Researchers have also created an alpha version of a tool called the Middler, designed to carry out man-in-the-middle attacks targeting "every protocol for which we can create code".

Concerns

The US Committee on Homeland Security has sent a letter to the Transportation Security Administration concerning the winding down of the Clear initiative, a registered traveller service that enabled pre-cleared, paying customers to clear security at airports more quickly. The Committee is worried about the handling of private customer data following the discontinuation of the system. Verified Identity Pass Inc, which operated the system, has indicated how it will secure the information.

The sleepy Canadian province of Saskatchewan must try harder when it comes to data courtesy, according to a report from its information and privacy Commissioner. This year, Commissioner Gary Dickson's office opened 62 privacy investigations, compared to just two investigations four years ago.

Crimes

Bullitt County, Kentucky, had $415,000 filched from its account by cybercriminals in the Ukraine working with partners in the US. Malware was involved in the theft, say insiders familiar with the case.

An Australian gamer stole the equivalent of AUS$6,300 ($5,100) from a bank that he operated in the online game EVE Online. He then exchanged the virtual money for real cash by selling it to gamers eager to buy funds in the game rather than earn them.

Crashes

Researcher Charlie Miller has worked out how to disconnect an iPhone from the communications network by sending it a specially-crafted text message.
