Monthly Archives: December 2012

Patch Tuesday - even Android and Windows RT get a look in

Patch Tuesday

This month's Patch Tuesday includes bulletins from both Microsoft and Adobe, and covers a range of platforms and products.

There are updates in the mix for everything from Android to Windows RT, and from the Word Viewer to Exchange.

But did she STEAL the iPhone? App takes photo of woman trying to unlock it

Stolen iPhone snaps photo of woman who tries to unlock it

A woman who tried to unlock a stolen iPhone unwittingly took her own photo. An application on the phone then automatically sent the photo to the owner, who called the police.

It's a good reminder that there are tools out there, either free or darn close to it, that can track your stolen or lost smartphone.

Australian Defence Force Academy in stinkingly bad password breach

Australian Defence Force Academy in stinkingly bad password breach

The Australian Defence Force Academy is the latest high-profile organisation to become embroiled in a data breach.

The breach revealed names, birthdates, and some...well, some stinkingly bad passwords. Find out more...

US Secret Service probed after sensitive files left on Metro train

US Secret Service probed after sensitive files left on Metro train

A contractor working for the US Secret Service left two tapes full of extremely sensitive data on a Metro train, losing the extremely sensitive, personal data of staff, contact and overseas informants.

Complaint from Better Business Bureau really contains malware attack

Complaint from Better Business Bureau really contains malware attack

Malware has been spammed out widely, claiming to come from the Better Business Bureau.

Be on your guard.

SSCC 100 - John McAfee, OS X malware, Swiss intel, NASA laptops and Romanian carders

SSCC 100 - John McAfee, OS X malware, Swiss intelligence, NASA laptops and Romanian carders

Chester finally brings up his century with Chet Chat Episode 100 - the Benjamin Franklin edition!

Chet's guest in the 100th Chet Chat is Paul Ducklin.

You receive the electronic reservation? Malware attack poses as hotel booking email

You receive the electronic reservation? Malware attack poses as hotel booking email

Bogus hotel reservation emails have been spammed out widely, which claim to come from Booking.com but in reality carry malware designed to infect Windows computers.

Monday review - the hot 22 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

SHA-1 brute-force attack trimmed by 21% - paper from Oslo password hacking conference

SHA-1 brute-force attack trimmed by 21% - paper from Oslo password hacking conference

Jens Steube, author of the pasword cracking tool hashcat, can make your SHA-1 password cracking tool 25% faster.

Just like that.

How to report a computer crime: Fake anti-virus

How to report a crime: fake anti-virus

If you unwittingly downloaded malware to your computer which masqueraded as anti-virus software would you just clean it up and carry on, or report it to the authorities?

What computer security threats can we expect to see in 2013?

What computer security threats do we expect to see in 2013?

Here are the trends that SophosLabs anticipates will shape the IT security landscape next year:

48 countries join forces for biggest-ever fight against online child sex abuse

48 countries join forces for biggest-ever fight against online child sex abuse

Experts estimate that there are now some one million images of abused and/or exploited children available online, with the total growing by 50,000 per year.

Microsoft wants to hear about your Android malware problems.. so it can promote Windows Phones

Droidrage!

Is this a cheap shot by Microsoft?

Or are they right to highlight the malware problem on Android smartphones?

Tor and the Deepnet: What price does society pay for anonymity?

Tor and the Deepnet: What price does society pay for anonymity?

Hidden on the net is online content which is not so easily accessed, known as the Deepnet (also sometimes called Darknet, the Deep Web or Hidden Web).

Julian Bhardwaj takes us on a tour, and asks should computer users be allowed to remain anonymous online?

"G'day, the Queen speaking" - socially engineering the Duchess of Cambridge's hospital

"G'day, the Queen speaking" - socially engineering the Duchess of Cambridge's hospital

Pranksters at a Sydney radio station called the Duchess of Cambridge's hospital in London, pretending to be Her Majesty the Queen and Prince Charles.

To their astonishment, their social engineering succeeded. How would your organisation fare?

Anonymous goes after Hunter Moore, the infamous revenge-porn website publisher

Anonymous goes after Hunter Moore, he of revenge-porn site infamy

Those claiming to be affiliated with Anonymous have declared war on the internet's most hated man, Hunter Moore, who gained infamy by publishing pornographic photos of people without their permission, in fulfillment of the wishes of their bitter exes.

Barring a miracle, you're going to lose your ability to vote on Facebook privacy changes on Monday

Barring a miracle, you're going to lose your ability to vote on Facebook privacy changes next week

You, and a billion other Facebook users, only have a few days left to take part in an important vote about how your personal data is used by Facebook.

Abuse of .EU domains by malware gangs continues despite Registrar notification

Abuse of .eu domains continues despite Registrar notification

What do you do when attackers are abusing legitimate domain Registration services?

How do you stop or at least disrupt the malicious attacks?

Reporting the incident to the appropriate Registrar is the correct course of action, but as you can read, doing so does not necessarily guarantee results.

Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers

Who is feeding the Blackhole exploit kit?

When security researchers make available proof of concept code to demonstrate vulnerabilities, are they actually supporting the malicious exploit kit authors?

SophosLabs expert Gabor Szappanos shows that the creators of exploit kits aren't the ones discovering the zero day vulnerabilities.

US woman arrested for bank robbery brags on YouTube about robbing a bank

US woman arrested for bank robbery brags on YouTube about robbing a bank

A woman tells, in a YouTube video, how she stole a car, smoked the marijuana found therein, robbed a bank, is a victim of the government, and told her mother it was the "best day of her life."

She was arrested before police even found the video.