Welcome back my Monkey minions, to the SOC Monkey Week In Review, (download me now from the Apple App Store!, I'm free!)4_19_12.png


I'm starting off this week with a rather lengthy post about Cyberwar and all the hype surrounding it. The article does a great job of pulling together all the existing and threatened cyber attacks that have been targeted towards Governmental entities while also making the point that, without any human injury, death, or building/infrastructure damage, can it truly be an act of war? This would be one of those topics we'd love to hear your feedback on. Give us your comments and your arguments at the bottom of this post.




Our next SOC Monkey moment is regarding this OpenSSL vulnerability. This story highlights the fact that in many cases researchers find the same vulnerabilities as each other. In this case, Dowd found basically the same OpenSSL vulnerability back in 2006 that has just been rediscovered by Tavis Ormandy. That means that this was a problem that went unpatched for at least six years. It is safe to assume that when white hat researchers find bugs, there is a black hat out there that has identified the same issue.


Also getting a great deal of views this week, is this story about a 15 year old arrested for hacking 259 Companies. While on the surface, this seems like an article about some script kiddie running amok, it actually seems to be a perfect example of gamification gone wrong.  The article states that the entire spree was based on this teenager wanting to gain points on a hacking board. Here's hoping that his brush with the law will move him away from the black-hat side of things, as if he's attacking sites this furiously at 15, I'm sure some company will be interested in his abilities in a few years.


I also wanted to circle back on my favorite topic of the past few weeks, Apple, and it's ongoing woes with Flashback. This article: The anatomy of Flashfake. Part 1 - Securelist shows that the origin of this botnet was hacked wordpress blogs. Suddenly, all those blogs about the best soil quality to grow hothouse bananas in seems a bit insecure.


Here's a few more links the Pips want you to take a look at:


New Spam campaign on Twitter Leads to Rogue AV - Securelist

Why Airport Security Is Broken—And How to Fix It - WSJ.com

HP Communities - The Patchwork Cloud - Portability of Security in C... - Enterprise Business Community


That should just about wrap it up for the Monkey this week.  I'll leave you with this interesting look at driverless cars from the NY Times. I love technology as much as the next simian, but given how many times I've had to reboot my smartphone, this still seems to be something I'll leave in the sci-fi realm.