Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the quote of the year (as far as I'm concerned) winner going to the Washington State Administrative Office of the Court for ...well, you'll just have to read the rest of the show notes and listen to the podcast.
Also ... we are now on the Zune store. So ...to the 2 new Zune listeners - HELLO!
Topics Covered
- Researches at Trend Micro uncover new cyberespionage campaign call it SafeNet (in unrelated news SafeNet the security company had nothing to do with this...). Yet another cyberespionage campaign targeting users with revolutionary new technique called "phishing", and using a vulnerability in Microsoft software patched in April 2012, originating from ...
China! - http://www.computerworld.com/s/article/9239342/Researchers_uncover_SafeNet_a_new_global_cyberespionage_operation - Domain registrar, Name.com hacked, customer information including potentially usernames, email addresses, encrypted passwords (just how encrypted are we talking here? ROT13? double-XOR?), and encrypted (same question as before) credit card information potentially stolen. Again, the vector of choice is this revolutionary new tequnique called ...
phishing - http://www.pcworld.com/article/2038263/namecom-forces-customers-to-reset-passwords-following-security-breach.html - Godzilla hacked EC-Council (this needs no explanation) - http://www.esecurityplanet.com/hackers/ec-council-hacked.html
- Four former LulzSec members (former?) sentenced for their roles in the 2011 attacks on companies such as Sony, Nintendo, News Corp, the CIA and many others. Sentences range from a 30-month prison term for "Kayla" to 200 hours of community services for T-Flow. Justice? Interested to hear what you think - http://www.computerworld.com/s/article/9239302/Four_former_LulzSec_members_sentenced_to_prison_in_the_UK
- Washington State's court system has been compromised, exposing 160,000 social security numbers and a million drivers' license numbers - basically everything you'd ever need to steal someone's identity. Luckily officials have determined that only 94 of those were definitely obtained by the attacker (what?!). Also, ridiculous quote of the year honors go to the "officials" for this: ".. officials at first believed no confidential information was leaked e
>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast