A recap of security news for the past week touches security researchers, vendors and attackers alike.
Security vendors, researchers and the Web's bad actors all made the news
this past week.
The week closed with news that David Kernell, the man convicted of breaking
into Sarah Palin's
during the 2008 U.S. presidential election, had been sent to
prison instead of a halfway house as a judge had recommended. Kernell was
convicted in April 2010 and later sentenced to a year and a day. His projected
release date is Nov. 30,
Elsewhere in the world of security, the Rustock botnet was shown to be hard
at work once again after a relatively brief respite. Before Christmas, Rustock
was responsible for as many as 44 billion spam e-mails per day, Paul Wood,
MessageLabs senior intelligence analyst for Symantec Hosted Services, told
restarted on Jan. 10
, and in 24 hours the spam it was sending accounted for
19 percent of all spam," he said.
A critical security flaw in supervisory control and data acquisition (SCADA)
systems used in China
raised the specter of a possible
. Dillon Beresford, a researcher with NSS
Labs, uncovered a heap overflow vulnerability in SCADA software developed by
Beijing WellinControl Technology Development that could be used by an attacker
to execute code.
, the hole in WellinControl's Kingview software was
patched in December. However, China's
Computer Emergency Response Team (CNCERT) admitted to Threatpost that it
initially missed an e-mail from Beresford revealing the issue in September.
CNCERT reportedly became aware of the bug after the U.S. Computer Emergency
Response Team notified it.
Also in the area of vulnerabilities, Microsoft
issued a small Patch Tuesday
update Jan. 11 to start off the year. The
company addressed a total of three vulnerabilities in Windows, and added a new
workaround for an unpatched vulnerability in Internet Explorer that the
company warned users about in December.
eWEEK also highlighted a number
coming at the Black Hat
DC conference, which runs from today
until Jan. 19. Among the presentations is one dealing with specialized
software running over Amazon's
that can be used to crack passwords on wireless
networks. According to Thomas Roth, a security consultant with Lanworks AG,
WPA-PSK, the most commonly used encryption for wireless networks, can be
cracked if the attacker has enough powerful computers testing password
His password-cracking software uses a "brute force" attack to
decipher passwords. Roth has said his aim is to convince network
administrators that WPA-PSK is not strong enough, and they should be using
stronger encryption algorithms.
"Once you are in, you can do everything you can do if you are connected
to the network," he said.
Other Black Hat DC
research includes a look at SAP application
security and advanced
techniques for stealing data.