SOC Monkey - Week in Review - 7.2.2012

Blog Post created by socmonkey on Jul 2, 2012

Happy Monday Monkeynauts!


My Free App from the Apple App Store had these following links as it's most repeated and retweeted last week.  Let's take a look at what had everyone buzzing.



First up this week, is the response from RSA to a few posts saying they were hacked: Don't Believe Everything You Read; Your RSA SecurID Token is Not Cracked. I saw a few links to this last week, but the majority of them were a great deal of speculation. This posting from RSA themselves attempts to clarify what the "crack" actually was, and how a simple shift of perspective can occasionally render a problem obsolete. I'm more than willing to take other opinions on this matter, but this seems to put a lot of the concern at rest.


Second on the list: 4 Signs That Apple's Sharpening Its Security Game - Dark Reading. I just bought a new Macbook for the MonkeyCave, so this is a good sign to me.  It seems their public battle with the Flashback trojan, and their subtle removal of the, "It doesn't get viruses," slogan have led them to a path that a majority of PC users are very familiar with; one in which security is much more of a, "when," not, "if," problem.  The article is a quick read, with some signs that have been widely reported, but since it's been burning up my charts, I'm assuming a great deal of you have macbooks in your own SecurityCaves as well.


Next up, one of the most bandied-about buzzwords in Information Security today: Expert: Advanced Persistent Threats Can Be Beaten | PCWorld. APT is constantly discussed, debated, and sometimes downplayed, but it's certainly an ongoing key security concern.  How do you deal with this threat? What steps are you taking to make sure you've got protection, and does a course like the SANS one described in the blog seem like the next step in developing a response? Drop me a line on here with you own tips for APT's.


A few more links the Pips brought to your attention this week:


Hacking festival attracts 500 aspiring young coders - Ars Technica

EU security agency advocates for 'mandatory cyber insurance' - Insurance Business Review

The Dirty DDoS Market - TechWeekEurope UK


Finally, this article: How The Angel helped 15,000 people steal broadband, from Ars Technica is a fascinating read. A hacker decided that he was fed up and angry at the cable companies, and thus published a book on how to modify cable modems to remove MAC address controls, and bandwidth limits. He might have made upwards of a million dollars due to his book and fraud, but in the end, during the trial, it was revealed his main motivation was not money, but really was just revenge at these companies he felt wronged him. Note to everyone else - publishing a book on how to commit a crime, and then commiting said crime?  Not the most foolproof heist plan out there.


That's it for your favorite simian this week, but I'll be back next week with several informative links, and at least a few weird ones.


Until then,