Infosec Weekly Round-up October 29- November 04, 2012

Popular websites leaking system status information, private data and even passwords

Security researchers have discovered that thousands of popular websites are putting their users’ data at risk by leaking internal status information. Most of the sites are only leaking enough information to give attackers a window into their server’s internals – something that might be a useful stepping stone in formulating a more complex attack.

http://nakedsecurity.sophos.com/2012/11/02/sites-leak-system-status-private-data-passwords/

Malware Already Bypassing Windows 8 Security Mechanisms, French Pen-Tester Says

Security-wise, Windows 8 is the safest operating system ever released by Microsoft. The inclusion of technologies such as SafeBoot and ELAM, along with a better-sandboxed Internet Explorer 10, was supposed to keep rootkit-based malware at bay and to prevent threats originating from the web to exploit the browser, respectively. However, regardless of the effort, most malware running in the user-space of the operating system has no “compatibility issues” in transitioning from Windows 7 to Windows 8.

http://www.hotforsecurity.com/blog/malware-already-bypassing-windows-8-security-mechanisms-french-pen-tester-says-4243.html

Free Android apps often secretly make calls, use the camera

Freebie mobile applications come with a higher privacy and security risk, according to an 18-month long study by Juniper Networks.

http://www.theregister.co.uk/2012/11/01/android_app_privacy_audit/

The Biggest Problem in Computer Security

People tend to focus on various areas as being important for computer security such as memory corruption vulnerabilities, malware, anomaly detection, etc. However the lurking and most critical issue in my opinion is staffing. The truth is, there is no pool of candidates out there to draw from at a certain level in computer security.

http://carnal0wnage.attackresearch.com/2012/11/the-biggest-problem-in-computer-security.html

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess

This paper provides insight into two of the most commonly used and technically capable pieces of crimeware, the Blackhole exploit kit and the ZeroAccess rootkit. We explain why these kits are so useful to the bad guys and show you how you can stop these threats from infecting your network and your users.

http://www.sophos.com/en-us/security-news-trends/whitepapers/gated-wp/malware-threats-from-blackhole-to-zeroaccess.aspx

That’s all for this week, if you have more information security news please to share them with our readers by sending emails or using the contact form.

Share
You can leave a response, or trackback from your own site.