Recap: WikiLeaks Saga, Patch Tuesday Lead Security News
Cyber-attacks and other twists and turns tied to the WikiLeaks controversy continued to dominate the news this past week.
The story of the whistle-blower site has taken a number of twists and turns. The week started with the arrest of WikiLeaks founder Julian Assange in the U.K. on sexual assault accusations first levied in Sweden in August. With Assange's legal problems growing, key figures with WikiLeaks announced they were launching a rival whistle-blower site called Openleaks Dec. 13.
WikiLeaks supporters meanwhile continued their cyber-assaults on Websites belonging to businesses or institutions taking a stand against WikiLeaks, targeting everything from MasterCard to the Swedish prosecutor's office with denial-of-service attacks. The situation highlighted the use of opt-in botnets as vehicles of online protest.
In response to the leak of classified information, the U.S. military has reinstituted a ban on removable media. The armed forces have taken this step before; in 2008, a malware compromise sparked military officials to temporarily ban USB devices.
Away from the WikiLeaks controversy, Microsoft made its share of news during the week as well. The company is ending the year with a massive Patch Tuesday security update that is slated to have 17 security bulletins. Among the 40 vulnerabilities expected to be fixed is a privilege escalation bug exploited by the infamous Stuxnet worm, as well as an Internet Explorer zero-day the company warned users about last month.
The company also announced that it is adding a "Do Not Track" feature to Internet Explorer 9. Known as a "Tracking Protection List" (TPL), it will contain Web addresses the browser will only visit if the consumer visits them directly by clicking on a link or typing in the address. By limiting the calls to these Websites and resources from other Web pages, the TPL limits the information these other sites can collect on users, according to Microsoft.
"Tracking Protection in IE9 puts people in control of what data is being shared as they move around the Web," explained Dean Hachamovitch, corporate vice president and head of IE development. "It does this by enabling consumers to indicate what Websites they'd prefer to not exchange information with. Consumers do this by adding Tracking Protection Lists to Internet Explorer. Anyone, and any organization, on the Web can author and publish Tracking Protection Lists. Consumers can install more than one."
While companies prepare for Microsoft's Patch Tuesday Dec. 14, a security researcher revealed that hundreds of banking sites were still vulnerable to a 2-year-old security issue affecting certain versions of RSA's Adaptive Authentication product. According to RSA, EMC's security division, versions 2.x and 5.7.x of the on-premises edition of the product are vulnerable, and a patch has been available since 2008.
The past week also saw Juniper Networks acquire virtualization security vendor Altor Networks for $95 million. With the purchase, Juniper seeks to deliver integrated, scalable security architecture protecting physical and virtual systems.
"Juniper is excited to acquire one of the industry's leading virtualization security vendors and the extremely talented team that built it," said Mark Bauhaus, executive vice president and general manager of Service Layer Technologies at Juniper Networks, in a statement. "This acquisition will extend our leadership in data center and cloud security and will enable customers to deploy a consistent set of security services across their physical and virtual infrastructure, while delivering lowest total cost of ownership."