SOC Monkey - Week in Review - 7.9.12

Blog Post created by socmonkey on Jul 9, 2012

Welcome back Monkeyminions, to the best content aggregation blog you read on Mondays that's written by a monkey. If you'd like to join in the content part, feel free to download my App, from the Apple App Store.Soc7.9.12.png


It's July 9th, so for about 300,000 people, it's the end of the internet as they know it (yet I feel fine?): Still infected, 300,000 PCs to lose Internet access July 9. The DNS Changer botnet end times are today, as the non-profit company that's been helping infected PC's still reach the internet, Internet Systems Consortium, is pulling their plug on the temporary DNS work around they've been running. It's a little too late, but the FBI has posted this site: for people to check their machines. If you find yourself affected, use your smartphone/ipad/internet connected fridge to reach this site: and follow the steps.  Are we officially in the future, when you have to use one of the several internet ready devices in your house to fix one of the others that's been hacked? We're still waiting on Jetpacks, but this is progress.


Next up, if you're a Bank and you've had some of your customers affected by a cybercrime, you might be facing some additional scrutiny soon.  Court Ruling Could Be Boon to Cyberheist Victims; Krebs on Security  is a great read on this issue (as per usual, Krebs is excellent), and details this recent ruling that could have many institutions taking a look at their current security practices. In short, if you've got outdated security practices or systems, even if your customers have signed off on them in the past, the door might now stand open for subsequent lawsuits. I'm sure several CSOs are very interested in how this plays out over the next few months.


Shifting gears a bit, Cisco has apologized for it's recent automatic update, that had several privacy advocates raising issues, as well as their own customers wondering why they were now required to sign up for a brand new service: Cisco apologizes for privacy confusion, makes cloud service an opt-in feature. Now there are times when updates to something we're used to cause some concern, but the internet mantra of "you'll get over it" tends to bear out in most cases.  The issue that seems to be the most interesting for me was the change in the terms of service. Cisco's new TOS said that it might collect internet history, and could use that history along with others' to share with a third party. Opening a new line of revenue by marketing my internet history, sounds just a bit too Big Brother to be comfortable to me, so I'm glad that's been changed - but am I overreacting? Feel free to let me know if you think this is a non-issue, or if you're looking up the TOR app as we speak.


Next, this article from ZDnet: The internet will never be secure, might seem like a pretty obvious statement to those of you elbow deep in remediation reports, but I found it to be a good quick read.  The point that jumps out the most is that unless the internet is changed, and changed for the worse, it can't ever be completely secure. As someone who's addicted to information, an open exchange is ideal, i'm willing to put up with a fair deal of risk, but Alex Kirk seems to think, "[w]e're probably in a particularly ugly point in the history of internet security." Do you agree?  Is this the Dark Ages of Infosec, before the Renaissance?


Other hits from my pips:

HP Communities - Software Security Assurance - Figuring out the developers

Privacy and Security Fanatic: Trolling Terrorists with Propaganda: The US hack of al-Qaida that wasn't a hack


Finally, this picture. Tweeted by Andy Hedges, and retweeted by a huge number of people, this is my final thought for today.  Andy titled it RIP Computer Science.


Until next week,