Infosec Weekly Round-up October 29 - November 04, 2012
Popular websites leaking system status information, private data and even passwords
Security researchers have discovered that thousands of popular websites are putting their users’ data at risk by leaking internal status information. Most of the sites are only leaking enough information to give attackers a window into their server’s internals – something that might be a useful stepping stone in formulating a more complex attack.
Malware Already Bypassing Windows 8 Security Mechanisms, French Pen-Tester Says
Security-wise, Windows 8 is the safest operating system ever released by Microsoft. The inclusion of technologies such as SafeBoot and ELAM, along with a better-sandboxed Internet Explorer 10, was supposed to keep rootkit-based malware at bay and to prevent threats originating from the web from exploiting the browser, respectively. However, regardless of the effort, most malware running in the user-space of the operating system has no “compatibility issues” in transitioning from Windows 7 to Windows 8.
Free Android apps often secretly make calls, use the camera
Freebie mobile applications come with a higher privacy and security risk, according to an 18-month-long study by Juniper Networks.
The Biggest Problem in Computer Security
People tend to focus on various areas as being important for computer security, such as memory corruption vulnerabilities, malware, anomaly detection, etc. However, the lurking and most critical issue, in my opinion, is staffing. The truth is, there is no pool of candidates out there to draw from at a certain level in computer security.
Malware B-Z: Inside the Threat From Blackhole to ZeroAccess
This paper provides insight into two of the most commonly used and technically capable pieces of crimeware, the Blackhole exploit kit and the ZeroAccess rootkit. We explain why these kits are so useful to the bad guys and show you how you can stop these threats from infecting your network and your users.