Weekly brief - September 28, 2009

Takedowns

Razer, a manufacturer of hardware for computer gamers, took its support site down following reports by Rik Ferguson of Trend Micro that its downloadable device drivers were infected with a Trojan.

Tools

The latest version of BeEF, a browser exploitation framework, is now available. It demonstrates the collection of zombie browsers and browser vulnerabilities in real time, and provides a command and control interface for targeting zombie browsers.

F-Secure has launched a new version of its Health Check product. Version 2.0 of the product, which checks your computer to see if it is protected and highlights security issues, is now in beta. It features expanded browser support, and has abandoned ActiveX.

Arshan Dabirsiaghi, director of research for Aspect Security, will launch an open source, software-based web application firewall at the OWASP conference this November.

StorageCraft released version 3.5 of ShadowProtect, its disk-based backup tool. The new version notifies users when the hard drive begins to fail, and can back it up even when areas of the drive are no longer working.

Techniques

Researchers at Pacific Northwest National Laboratory and Wake Forest University have developed a system that uses swarm intelligence to identify security threats. It's modeled on ants, which defend successfully against intruders.

Threats

Idaho gets the most spam, with 93.8% of emails classified as junk, according to Symantec's MessageLabs subsidiary. Kentucky, New Jersey, Alabama, Illinois, Indiana, Massachusetts, Pennsylvania, Arizona, and Maryland were runners-up for the dubious honor.

Conficker continues to be effective, even though it is almost a year since it was initially released and it originally exploited a patched flaw. Experts say that the virus has migrated to encrypted peer-to-peer command and control.

Up to nine percent of the average enterprise's computers could be infected by bot software, according to research from Damballa, and 60% of infected enterprise computers are members of tiny targeted botnets numbering just a few hundred machines.

Tsk, Tsk

We should know better than this by now, shouldn't we? 2246 investors in the Ponzi scheme of disgraced former NASDAQ chair Bernie Madoff had their names, addresses, and social security numbers stolen. The data was on a computer left in a car by an employee of AlixPartners LLP, the consulting firm that has been processing victims' claims.

Another break-in may have compromised 31 000 patients at a health clinic in Kern County, after individuals entered a locked storage area that contained confidential patient information.

Privacy advocates praised Facebook's decision to shut down its controversial Beacon service, which used people's personal information for commercial marketing purposes. However, the company also published plans to release an API for its notification and mailbox services, meaning that applications written to operate in a social networking service will be able to peek at your email.

And finally... we wish this guy luck.
