3_30_12 small.png

Welcome back to SOC Monkey's greatest hits! Here's a quick shot of what we've been seeing trend on my app, (SOC Monkey, available now, free in the Apple App Store), in the last several days:


This week my monkeyfeed owes a great deal of credit to Brian Krebs of Krebs on Security, as the two main items listed here were both originally found on his blog. First up from Mr Krebs, and burning up the charts this morning, is the news that Visa and MasterCard have had a significant breach, recently discovered at one of their processors. The top article is currently found here: MasterCard, VISA Warn of Processor Breach, and claims that it's looking like the breach could affect up to 10 million card numbers. Both VISA and MasterCard began telling the affected banks last week, and Brian Krebs just released his findings this morning, leading to public statements from both companies. It looks like the breach could have happened as early as January 2012, through the end of February of 2012. That's over a month of potential access to this data, or at the very least, access to the network the data is stored on. This just  reinforces how hard it is to protect data, and how difficult it is to recognize the breach once it's occurred.


The 2nd biggest story, with several articles appearing in my feed, is all about a new Java exploit. Microsoft has published the following blog for those of you who need some more detail: JRE Sandbox Breach (CVE-2012-0507).  Now since you're here reading about it, chances are you are interested in our own non-monkey take on things, so I present this:  CVE-2012-0507 - Java Strikes Again, in which Metasploit's own sinn3r and regular contributor Juan Valquez have, in less than 24 hours, developed a working module for this exploit in Metasploit. If you're using Metasploit already, grab the latest updates to see this addition or feel free to download and monkey around with our Community Edition.  If you're looking to learn more, keep your eyes peeled for our upcoming April 25th webcast, and make sure to check back in to register.




The third item i'm pulling from my feed involves a recent Ars Technia article regarding Wikileaks and it's potential move to Sealand, the "independent" nation in the North Sea. You can check it out here: Death of a data haven: cypherpunks, WikiLeaks, and the world's smallest nation and fair warning, it is a long article, but I found it incredibly interesting. Also, I find the mere existence of an independent sovereign nation, perched on a rusty old World War II sea-fort, working on a way to be an offshore data haven to be one of those items you can't ever read too much about. For those of you who have read Cryptonomicon by Neal Stephenson, this might ring several bells at once.  Also, if you want to become a Baron or Baroness, and just haven't found the time, Sealand can set you up for a fee: The Principality of Sealand - Become a Lord, Lady, Baron or Baroness.  You too can have a Coat of Arms, and be official Nobility.


Next, to bring up something I touched on last week in SOC Monkey 3.23.12, it looks like the discussion regarding employers being able to ask you for your Facebook login is still going strong.  Here's the latest word from Naked Security: US House declines to block employers demanding Facebook passwords | Naked Security, showing that the push to get the House of Representatives to weigh in on the issue has stalled. I don't know if this is a topic we really need the Government to weigh in on, but I certainly know that if someone asks for my password credentials for a job interview, the job interview will be ending at that moment. Maybe I'm missing something?  If you've got the insight behind why this isn't super Big Brothery (word?), then let us know in the comments below.


Finally, here's a few more links that seem to be of the most interest this week.  Click on through, and as always, let me know what you think in the comments below.

7 Levels of Hackers

Old-time hacktivists: Anonymous, you've crossed the line | InSecurity Complex - CNET News

Obama Administration Places $200 Million Bet On Big Data | SecurityWeek.Com


I'll see you next week!