Weekly brief – September 1, 2009

Trojan for Skype eavesdropping

A Swiss programmer has released the source code of a trojan horse that injects code into Skype converting incoming and outgoing voice data into an encrypted MP3 available at the disposal of the attacker.

The Trojan also opens a back door allowing an attacker to send the MP3 to a predetermined location, download an updated version and to delete the Trojan again, ZDNet Blogs reports.

For more, see ZDNet…

Snow Leopard's anti-malware scans for two Trojans…

The anti-malware function built into Apple’s Snow Leopard upgrade appears to be little more than a XProtect.plist file with five signatures for two of the most popular Mac OS X trojans - OSX.RSPlug and OSX.Iservice, according to ZDNet blogs.

The blog says the apple anti-malware function only scans files from a handful of applications, not including for example BitTorrent. Apple is also criticized for only giving occasional updates via Apple’s Software Update, giving malware plenty of time before being detected through malware signatures.

For more, see ZDNet…

Elance sends private messages right, left and center

Elance, a service that allows for companies and individuals to hire and pay independent professionals and contractors online, has seen another security blip.

A register user told TechCrunch that she has been received dozens of private messages that were erroneously sent to her account, on occasion even containing confidential information and sensitive data such as login details for Elance accounts and third-party servers.

On Elance’s forum, members have complied they have received over 50 emails not meant for them, several containing sensitive data like login details and private information about accounts and activities.

For more, see TechCrunch…

Court says search warrants are needed for digital data

A federal appeals court ruled last week that government investigators cannot retain incriminating information found in electronic searches unless it is within the scope of a search warrant, PC World has reported.

The ruling came as the US Justice Department wished to retain and use all of the data that it seized in 2004 as part of a federal investigation into the use of illegal substances use by Major League Baseball players.

The court decided that the so-called ‘plain view doctrine’, which allows investigators to seize evidence without a warrant if it was found in plain view during a legitimate search, does not extend to electronic searches.

For more, see PC World…

WPA Wi-Fi encryption cracked

Second generation of Wi-Fi security can be cracked within a minute, according to Japanese researchers.

WPA (Wi-Fi Protected Access) was thought to be secure, and has been used since the first generation of Wi-Fi security, WEP, was found to be crackable, The Examiner reports.

However, all security is not lost. WPA devices that use AES (Advanced Encryption Standard) are still secure for the time being, or a third generation of security, WPA2, can also be used, which is said to be more secure.

For more, see The Examiner…

What’s hot on Infosecurity Magazine?