A recap of the past week's IT security news features a Microsoft patch, the takedown of a reputed cyber-crime ring and talk of new rules to help authorities intercept communications on the Internet.
Talk about requiring companies to make it easier for authorities to
intercept communications on the Web led a busy week in IT security news
that also featured an emergency Microsoft patch and mass arrests in the fight
were first reported by the New York Times. The
discussions on the issue centered on three areas: requiring that communications
services that encrypt messages have a way to unscramble them; mandating that
foreign-based providers doing business inside the United
States have a domestic office capable of performing
ensuring that developers of peer-to-peer software redesign their service to
allow file interception.
The plans revisited an old debate that arose during the 1990s. Just as they
did back then, critics argued that creating backdoors to facilitate government
surveillance also creates opportunities for attackers, and the government
already has enough power to monitor Internet communications.
"This isn't a question where there's this thing that can make us safer,
should we do it or should we not do it," Cindy Cohn, legal director at the
Electronic Frontier Foundation
told eWEEK. "This thing that they want won't make us safer. It will make
us more vulnerable. Not just to government misuse, but to third parties."
In the fight against cyber-crime, law enforcement arrested dozens of people
during the week accused of involvement in a massive online bank fraud
scheme. All totaled, the crew is accused of stealing $70 million before it
was shut down by authorities in the U.S.,
U.K. and Ukraine.
The criminals used the infamous
to infect computers and steal bank credentials belonging to
individuals, small businesses and others, the FBI said. Ivan Macalintal,
manager of advanced threats research at Trend Micro, told eWEEK that Zeus is
often able to dodge detection partly because of the sheer number of
variants out there.
"Zeus is one of the notorious and dangerous threats out there, especially
now when users mostly do daily activities in the Internet, like banking online,"
Microsoft also pushed
out an emergency patch
for a vulnerability in ASP.NET,
which is used to build Web applications. The vulnerability is due to ASP.NET's
use of encryption padding, which provides information in error messages that
could be used by attackers to read and tamper with data encrypted by the
In other news, Symantec released a detailed
paper on the Stuxnet worm
(PDF), while Iran
announced it arrested multiple people for spying on its nuclear energy program.