Weekly Brief - May 26 2009

Attacks

Large swathes of the Chinese portion of the internet were taken offline by a massive DDoS attack. The US military is working on cyber-attack devices that could be used by non-experts to automatically hack a network. In the meantime, investigators in Europe used an old Nokia 1100 to demonstrate how a bank account could be hacked. They programmed the phone to receive other cellular users' text messages.

Defenses

Lawyers working for David Kernell, the hacker charged with hacking Sarah Palin's webmail account, said that he couldn't have violated her privacy because the judge had already declared the emails a matter of public record.

Adobe is following in Microsoft's footsteps (several years later) by starting a code hardening process and implementing regular security patches.

Vulnerabilities

A researcher posted details on how to exploit a security flaw in Apple's version of Java. The company has known about the security problem for six months but has been slow to patch it, he said. And Microsoft has found a zero-day vulnerability in IIS that could give attackers control over the server. In a test, researchers at Cambridge University found that the majority of social networking sites fail to delete photos from their web servers after users remove them.

Losses

An official at the Department of Homeland Security confirmed to Federal Computer Week that a system containing sensitive information had been hacked. And there were red faces at the National Archives and Records Administration after a hard drive containing 1Tb of highly sensitive information from the Clinton administration was discovered missing. The drive was moved from a secure storage area to a workspace while its contents were being transferred to a digital records system, and up to 100 badge holders had access to it, according to reports.
