Friday, April 6, 2012

Week in review

For the first week in April, 2012 ...

  • Researchers estimate as many as 600,000 Macs have been infected with the Flashback trojan.  Apple released a Java patch this week to plug up the vulnerability used in this attack.  Several different articles on the topic here, here and here.
  • A vulnerability in Facebook mobile apps may allow attackers to grab your Facebook identity on iOS and Android devices.  A researcher in the UK has found the Facebook mobile app apparently doesn't encrypt or otherwise protect your login credentials (username and password).  In fact, he found quite a bit of information just using the basic file browser tools.  More information can be found here and here.
  • A story in Wired's Threat Level on Friday talks about a push by the European Union to criminalize "hacking tools".  Sounds like you could get busted for possessing the tools as well as for using them.  This could create serious problems for researchers and pen testers who use these types of tools to show flaws and help people better secure their devices and networks.  Laws like this tend to punish the law-abiding way more than the criminals.  Hopefully it's not the start of a trend.