Monthly Archives: June 2013

Ruby + OpenSSL && sprintf() == 2009-style Man-in-the-Middle?

If you have web-facing code written in Ruby, and you support SSL (which you do, right?), be sure to patch as soon as you can, to avoid falling victim to what seems very much like a four-year-old flaw...

Anatomy of a browser trick - you've heard of "clickjacking", now meet "keyjacking"...

An Italian security researcher has rediscovered a trick known as "user interface redressing" and used it to detail some potentially risky behaviour in IE 8.

Paul Ducklin takes a look to see just how dangerous keyjacking can be...

Facebook leak, Canadian spam, Opera breach - 60 Sec Security [VIDEO]

It's Saturday, and that means *60 Second Security*, where we aim to touch on some of the more thought-provoking security topics of the past week in just one minute of video.

Why not give this week's video a go?

Canadian cop claims he didn't know cyber-stalking was illegal

A Canadian police officer who pleaded guilty to planting spyware on his wife's BlackBerry, suspecting that she was having an affair, gets a slap on the wrist after claiming that he didn't know that planting the cyber bug was a crime.

Google adds (some) malware and phishing info to Transparency Report

Google has expanded its Transparency Report data to include stats from their 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.

Facebook leaks are a lot leakier than Facebook is letting on

Remember last week, when Naked Security et al. told you that Facebook leaked email addresses and phone numbers for 6 million users, but that it was really kind of a modest leak, given that it's a billion-user service?

OK, scratch the "modest" part.

Thieves pounce on one of a sheriff's office's last, unencrypted laptops

The sheriff's office in King's County, Seattle, was in the process of adding encryption software this past spring and as of March had done so on 60% of all computers.

The laptop that got stolen from a detective's truck, unfortunately, was in the 40%, and that's why 6,300 people are now looking at the potential of identity theft.

Opera breached, has code cert stolen, possibly spreads malware - advice on what to do

Norwegian-based browser maker Opera has announced a network intrusion.

Users *may* have been infected with malware by an Opera update.

Paul Ducklin offers advice on what to do...

Firefox 22.0 closes a modest bunch of not-yet-exploited holes

As usual, there's a handy mixture of important-sounding security fixes and some interesting new features.

No yet-known vices, so why not ensure you've got the update right away?

Google scans Chrome Web Store submissions for malware

The process may hold up submissions, Google says, but no cause for freak-out. The scan shouldn't ever take more than an hour, it says - time well spent for the greater security good.

US senators propose legislation to throttle NSA's domestic spying

Senator Patrick Leahy, along with other US senators, has introduced a bill to limit National Security Agency (NSA) spying on domestic targets.

They're not asking for it to stop, mind you - just that it be more transparent with regards to privacy.

Korean graphical designer in "font protest" against PRISM surveillance

About a year ago, a Korean graphical designer came out with an "anti-surveillance" typeface called ZXX, as a sort of protest against electronic eavesdropping.

But, in the aftermath of PRISM, are there *really* any anti-surveillance properties to ZXX? Paul Ducklin has a look...

What do you want to see on Naked Security?

We think it's about time we ask you about what YOU want from us. Have your say, and maybe win a t-shirt!

Top executives out of touch with their company's IT security risks

The world's business leaders have high levels of confidence in their organisations' cyber defences, but that confidence is largely out of tune with reality, according to a recent report.

Europeans to get told about data breaches - sometimes

The EC has published new breach disclosure rules that exempt companies from disclosure if they're using encryption. It's an odd loophole, given how data handling can be bungled, encryption or no.

Google gets 35 days to wipe its WiSpy data

It sounds like the UK's ICO really, really means it this time, Google, in spite of this being the third time it's told you to ditch the Street View data.

Taking a closer look at the Glazunov exploit kit

In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.

Yahoo says unleashing people's old accounts will be fine, just fine

It will be OK, the company says. We're not giving away your content or personal details, and we're sending bouncebacks for a month. Has that convinced critics? Unlikely.

Canada's long-delayed spam laws risk being quietly shelved

Anti-spam legislation in Canada should have been in force several years ago but it's unlikely that the laws will have any teeth for several more years, and they may even fall by the wayside. So Canadians, unless you want to be the weak link, pester your politicians to pull their collective fingers out.