SOC Monkey - Week in Review - 7.16.12

Blog Post created by socmonkey on Jul 16, 2012

Dear Monkeynauts,


I return yet again, with more stories of the week, and bits and pieces that you found interesting on my free app, downloadable from the Apple App Store.Soc7.16.12.png


Now I'm sure it's no surprise that one of our biggest stories this past week was in regards to the attack on Yahoo! and the subsequent release of 450,000+ passwords: Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated). There were multiple versions of this same story that were posted to the app, but the more interesting discussions after the breach were the responses that seemed to point at Yahoo!'s lack of even the most basic of security measures.  Yahoo security breach shocks experts - CSO Online - Security and Risk ,is a good quick read about the ongoing lack of preparation and the utter "wha?" the infosecurity world is saying today.


Yahoo!'s not alone in the attacked and breached front though, as the Android forums found themselves a target as well: Android Forums hacked: 1 million user credentials stolen. While only login information was published from Yahoo!'s attack, the Android Forums attack included usernames, e-mail addresses,  passwords, IP addresses, and some other information.  The breach is still being investigated, so more details might be forthcoming as the week goes on.


Next is another story from one of my favorite sites; Web exploit figures out what OS victim is using, customizes payload | Ars Technica. This makes my blood run cold. An exploit that adapts to the version of OS being used means the days of Apple being virus-proof really are coming to a close. Luckily, this exploit itself can only infect Macs with a specific type of software that was phased out a few years ago. Still, if this rare type of exploit begins to become the norm, everyone - Mac, PC, or Linux user alike - will all have much more to defend against.


The other pip hits:

Serco reports 123,000 US government employees& personal information stolen | Naked Security

Researchers intercept Tatanga malware bypassing SMS based transaction authorization | ZDNet


And finally this week, I found this article to be a very interesting read: Defense expert: US should hire hackers to conduct cyberwarfare. I've said before that the act of taking the attack to the attackers can be a slippery slope for everyone, but this article brings up a point I'd not considered before. Take this quote from John Arquilla, "Let's just say that in some places you find guys with body piercings and non-regulation haircuts. But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them." I'm picturing hacker special forces here, attacking terrorists groups with data, not drones. I'm still not 100% sold on the idea, (stuxnet?), but it seems to be a better use of these peoples skills, rather than the ways we currently deal with cybercrimes.


That's it for me this week - we'll see you back here at the same monkeytime,