Infosec Weekly Roundup, March 19 – 25, 2012
For cloud services, security first – growth second, is the winning strategy
First up this week is a piece by Richard Stiennon, security expert and Chief Research Analyst for IT Harvest. The article covers cloud computing companies and their security issues, arguing that vendors that prioritize security are more successful than those that focus on features first.
“My oft repeated advice for technology vendors is that security sells. Given a choice between two vendors of similar products or services an informed buyer will head for the vendor that can better protect his or her data. Large technology vendors forget this.”
Wireless Security: Wi-Fi Hacking Burglars Get Busted
The second post, by Robert Siciliano, covers the problem of weak wireless network encryption and reports on the arrest of attackers who broke into Wi-Fi networks still protected by WEP, an encryption scheme that can be cracked in seconds.
“SeattlePI reported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated.”
Twitter Bots Target Tibetan Protests
Here is another incident, reported by Brian Krebs, formerly a reporter for The Washington Post: criminals have used Twitter accounts to post tweets and bomb targeted hashtags in order to prevent users from following certain news.
“Twitter bots — zombie accounts that auto-follow and send junk tweets hawking questionable wares and services — can be an annoyance to anyone who has even a modest number of followers. But increasingly, Twitter bots are being used as a tool to suppress political dissent, as evidenced by an ongoing flood of meaningless tweets directed at hashtags popular for tracking Tibetan protesters who are taking a stand against Chinese rule.”
Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver
The malware analysis tutorial series continues with part 22 of the Max++ analysis.
“This tutorial continues the analysis presented in Tutorial 20. We reveal how Max++ uses a modified disk driver to handle I/O requests on the disk it created (its name is “\\?\C2CAD…”). Recall that in section 4.2.3 we showed you Max++ creates a new IO device and hooks it to the malicious driver object, so that whenever an IO request is raised on this device the request will be forwarded to driver object 8112d550, as shown below.”
New Blackhole spreading malware
A Trojan that steals users' personal data, spreading via the Blackhole exploit kit (BH EK).