The Stratfor data breach, a "good virus" from Fujitsu and financial malware morphing into a Facebook worm were among the security headlines for the first week of 2012.
This past week, the Tech Herald published a detailed analysis of the password hashes that had been dumped shortly after Christmas in the wake of the Stratfor data breach. It took the Tech Herald less than 5 hours to crack the hashes of more than 80,000 passwords, using a readily available cracking tool and a standard computer. It was clear, based on the analysis, that Stratfor had neither enforced its password policies to ensure users were selecting strong credentials nor adequately protected user data on its own systems.
In its own analysis of the leaked data, Identity Finder had estimated that of the 859,311 people affected, 11.8 percent could theoretically have a compromised password because it could be cracked easily. The average password length was 7.2 characters, according to Identity Finder, but the Tech Herald discovered a handful of users had gotten away with selecting a password that was only one character long.
On Jan. 6, several Stratfor subscribers reported receiving an email purporting to be from the organization that was actually a message from the attackers mocking Stratfor. There were also reports of Rick-Rolling messages and malicious attachments.
Also emerging in the first week of January were reports that Fujitsu was testing a "good virus," created at the request of the Japanese government, that could track down the source of a cyber-attack and disable any malicious software the attack had launched. Details were sketchy, but there were concerns about automating the process of searching out attackers and destroying the systems. Security experts wondered about the security implications of unauthorized code running on people's computers.
Security researchers warned about a variant of the Ramnit worm that had stolen more than 45,000 Facebook passwords. The worm tried the stolen passwords against other corporate services and Websites to find instances where the victims had reused passwords. Ramnit also logged into the users' accounts to spam Facebook friends to keep propagating the worm.
A group of hackers based in India claimed to have gotten their hands on internal Symantec documents and source code from a server belonging to Indian intelligence agencies. Symantec initially dismissed the claims, noting that the excerpt that had been leaked was from a document dating back to 1999. After further investigation, the company confirmed that attackers may have source code to two of its enterprise security products. However, the company claimed that the tools were more than 4 years old and one of the product versions had been discontinued.
"Even if it was up-to-date source code, it may be of limited use to hackers and be used more as a 'trophy scalp' for a hacking group intending to generate publicity for its grievances with the Indian authorities," Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.
Security experts were more concerned about the fact that Symantec lost its data through no fault of its own, since the code was on a third-party server. "It is not enough to ensure you follow best practices; in an interconnected world, you have to worry about the security of other organizations," Mike Lloyd, CTO of RedSeal Networks, told eWEEK.
This coming week will be a patch-heavy week, as Microsoft plans seven bulletins for January's Patch Tuesday update and Adobe will fix a slew of vulnerabilities in Acrobat and Reader. This past week, developers released new versions of OpenSSL, the open-source implementation of the Secure Sockets Layer protocol, in which six vulnerabilities were addressed.