Renewed concern about the privacy of information posted on Facebook along with Microsoft's fight against the Kelihos botnet and federal data breach legislation led the week's IT security developments.

Facebook dominated the privacy conversation this past week, as the social networking site
rolled out a slew of new interface changes, including a real-time news ticker
and Timeline information-sharing interface.
Users complained about having their every move publicized to people they don't know.
Security experts warned that Timeline could be exploited by cyber-criminals to
harvest personal details and use them in spear-phishing attacks. The amount of
information people post on social networking sites is worrisome, and Timeline
encourages even more over-sharing, the experts warn.

The United States government was also busy during the past week, as the Homeland
Security and Commerce departments issued a request for proposal to Internet
service providers and other members of the industry to come up with techniques
that can be used to proactively detect when customers are
infected with botnet malware. The proposal would hinge on enlisting ISPs in
the fight to shut down botnet traffic within networks.

Three major data breach bills have been approved by the Senate Judiciary Committee.
However, the vote fell entirely along party lines, in a sign of how challenging
the actual passage of the bill is likely to be. While the bills from Sens.
Dianne Feinstein, D-Calif., Richard Blumenthal, D-Conn., and Chairman Patrick
Leahy, D-Vt., are ready to move to the next step, there are a handful of
cyber-security and online privacy bills that are still working through their
respective committees, including the ones sponsored by Sen. Jay Rockefeller, D-W.Va.,
and John Kerry, D-Mass. Once all the bills have left committee, they will need
to be reconciled and consolidated into a single bill before moving to the
Senate floor for debate and vote.

The Department of Defense said it is planning to extend the six-month pilot
program for the government to share threat intelligence and cyber-security
techniques with the private sector until at least November. There is a
possibility the program, which will be expanded to include more private
companies and organizations, will be extended indefinitely. The goal is to give
the industry access to threat information and analysis it otherwise might not
have.

Microsoft handed over all the information it had collected while investigating the gang
behind the Rustock botnet to the FBI this week. The company's Digital Crimes Unit
wrapped up work on that operation just in time to announce that a U.S. District
Court judge had issued restraining orders allowing Microsoft and VeriSign to
shut down 21 domains that are associated with the Kelihos botnet.
Kelihos is a much smaller botnet than many of the others currently in existence, but it
shares enough code and characteristics with the now-defunct Waledac network
that many security researchers refer to Kelihos as "Waledac 2.0."
Richard Boscovich, Microsoft's senior attorney with the Digital Crimes Unit,
said the team targeted Kelihos before it could become a bigger threat.

In an amusing "oops" moment of the week, Microsoft's latest update to its
Security Essentials malware scanning tool identified Google's Chrome Web
browser as malware and removed it from user machines. Microsoft has fixed the
problem and released the new version, which accepts that the competing Web
browser is legitimate.