Weekly Brief - June 22 2009

Researchers from iSEC Partners will release an SMS hacking tool at the Black Hat conference next month. Guidance Software has released a digital forensics tool on a USB key. And SANS is reporting on the launch of a new denial of service tool for attaching Apache HTTP servers. Microsoft's free antivirus tool, Morro, goes into public beta this week.

A security researcher has designated July as the ‘month of Twitter bugs’, and will be posting a bug per day on a blog set up to disclose flaws in the microblogging service. Aviv Raff already has a pedigree in such things, having worked with noted researcher HD Moore on the ‘month of browser bugs’, in which multiple bugs were disclosed in popular browsers.

You thought that Twitter's main role in the Iranian election kerfuffle was as a community reporting tool? Think again. People are using Twitter to encourage DDoS attacks against Iranian government servers, and some experts don't like it at all.

The Defense Authorization Bill is calling for more money to train people in cyber-warfare.

Canada wants to give law enforcers the chance to look at web users' personal data without a search warrant.

The FTC has won $1.8m in customer damages against Interbill, a payment card processor that made unauthorised charges against customers' credit cards.

The House Intelligence Committee is cracking down on the National Security Agency by introducing a number of measures designed to curtail its autonomy.

URL shortening service cli.gs was hacked, and had almost 2.2 million URLs redirected to a single page. Luckily, security experts said that there was no malicious code found on the page (which was a blog posting discussing Twitter hashtags), and that it appears to have been a proof of concept attack. Cli.gs said that it was able to recover 93% of the altered URLs from backups.

Three individuals have been indicted for hacking into the telephone networks of major corporations and selling information about the systems to third parties. This enabled criminals to route 12 million minutes of telephone calls through the companies' networks, say reports.

Malicious attacks against databases reached an all-time high in the first half of this year, says the Identity Theft Resource Center.

Apple's iPhone 3.0 update fixes 46 security flaws.

Totally whacked
The City of Bozeman, Montana is asking job applicants to hand over their social networking passwords for vetting purposes.

A group of academics has written [PDF] to Google expressing concern over the company’s lack of clear guidance on encrypting its services. Luminaries including Roger Dingledine (who founded Tor), Richard Clayton from the University of Cambridge, and Bruce Schneier (chief security technology officer at BT) wrote to Google CEO Eric Schmidt asking for him to make the company’s policy on encrypting its traffic clearer.

The latest report from the Government Accountability Office says that significant weaknesses remain in ID management controls.

What’s Hot on Infosecurity Magazine?