A recap of the past week's security news features another twist on the WikiLeaks controversy, compromised iTunes accounts being sold online and the push for a trusted identity ecosystem for the Web.
The first week of 2011 was a busy one in IT security news.
It was a week that saw an acquisition by Dell, talk of trusted online
identities and reports of a subpoena for Twitter.
subpoena came to light
at the end of the week when it was revealed a
federal judge had ordered the microblogging service to turn over records for
several people tied to WikiLeaks. The subpoena seeks records on WikiLeaks
founder Julian Assange, U.S. Army intelligence analyst Bradley Manning, Dutch
hacker Rop Gonggrijp, computer programmer Jacob Appelbaum and Icelandic
parliament member Birgitta J??nsd??ttir.
According to the subpoena, the U.S. Department of Justice is after records
going back to Nov. 1, 2009,
that are "relevant and material to an ongoing criminal investigation"-including
IP addresses, session times and other data.
"WikiLeaks strongly condemns this harassment of individuals by the U.S.
government," WikiLeaks said in a statement relayed to Reuters by WikiLeaks
attorney Mark Stephens.
Meanwhile, the White House issued
a memo outlining
how federal agencies and departments should
conduct internal information security assessments. According to the memo,
departments or agencies handling classified information have to complete their
initial review by Jan. 28.
As the battle between WikiLeaks and the United
States goes on, the federal government also
made news during the week when it established a new office in the U.S.
Department of Commerce to coordinate government efforts to spur the creation of
a trusted online identity ecosystem. The responsibility for leading the drive
to establish that ecosystem, however, rests with the tech industry,
Commerce Secretary Gary Locke said.
goal is to foster
an identity ecosystem where Internet users can use
strong, interoperable credentials from public- and private-sector providers to
authenticate themselves online for a whole host of transactions," Locke
told an audience at a forum at the Stanford Institute for Economic Policy
Research at Stanford University
On the subject of identity, news broke that some 50,000
compromised Apple iTunes
accounts were available for sale on a popular
Chinese online store. According to the Global Times, thousands of such accounts
have been sold during the past several months. It was not clear if
user account credentials were phished, stolen through malware or if the
accounts were established using stolen credit cards.
There were also reports that some paid apps in Apple's
Mac App Store for the Mac OS X
do not properly validate App Store receipts,
making it possible to get those programs for free. This could open the door to
pirated copies of apps being booby-trapped with malware to infect users, Sophos
Senior Security Adviser Chester Wisniewski warned.
Since malware operations are often profit-driven, attackers are required to
find ways to launder money and turn stolen data into cash. In a conversation
with security experts, eWEEK took a look at how money
mules are recruited and managed
On the vendor side of things, Dell
announced plans Jan. 4
to acquire managed security service provider
SecureWorks for an undisclosed sum. The move would expand Dell's IT services
portfolio, and could also fit into the company's cloud strategy, analysts said.
In other news, Microsoft announced it is releasing
fixes Jan. 11
for three Windows security bugs as part of this month's Patch
Tuesday. A number of other bugs-including an Internet Explorer vulnerability
the company issued an advisory on in December-that have made the news in the
past few weeks are not slated to be patched in the update.