Infosec Weekly Roundup, March 19 – 25, 2012

For cloud services, security first – growth second, is the winning strategy

First up this week is an article by Richard Stiennon, security expert and Chief Research Analyst for IT Harvest. It covers cloud computing companies and their security issues, and how vendors that prioritize security are more successful than those that focus on functionality…

“My oft repeated advice for technology vendors is that security sells. Given a choice between two vendors of similar products or services an informed buyer will head for the vendor that can better protect his or her data. Large technology vendors forget this.”

Wireless Security: Wi-Fi Hacking Burglars Get Busted

The second post, by Robert Siciliano, covers the wireless network encryption problem and how hackers were arrested for attacking Wi-Fi networks that use WEP, a weak encryption system that may be cracked within a few seconds.

“SeattlePI reported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated.”

Twitter Bots Target Tibetan Protests

Here is another incident, reported by Brian Krebs, a former reporter for The Washington Post: criminals have used Twitter accounts to post tweets and bomb targeted hashtags to prevent users from following certain news.

“Twitter bots — zombie accounts that auto-follow and send junk tweets hawking questionable wares and services — can be an annoyance to anyone who has even a modest number of followers. But increasingly, Twitter bots are being used as a tool to suppress political dissent, as evidenced by an ongoing flood of meaningless tweets directed at hashtags popular for tracking Tibetan protesters who are taking a stand against Chinese rule.”

Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver

The malware analysis tutorial series continues with part 22, an analysis of Max++.

“This tutorial continues the analysis presented in Tutorial 20. We reveal how Max++ uses a modified disk driver to handle I/O requests on the disk it created (its name is “\\?\C2CAD…”). Recall that in section 4.2.3 we showed you Max++ creates a new IO device and hooks it to the malicious driver object, so that whenever an IO request is raised on this device the request will be forwarded to driver object 8112d550, as shown below.”

New Blackhole spreading malware

A Trojan that steals users' personal data. It spreads via the Blackhole exploit kit (BH EK).

That’s all for this week. If you have more information security news, please share it with our readers by sending an email or using the contact form.
