The Week That Was – 8/13/2012

Highlights for this week include:

  • Mat Honan getting pwn3d pretty hard through what was essentially a social engineering attack. [1],[2],[5]-[7]
  • Mr. Alex Hutton introduces the Risk Fish. I need to spend some quality time with this diagram. On first glance, it looks like it can make the process of risk assessment a little easier. [8]
  • Those crazy kids at Las Vegas B Sides come up with a new and creative way to execute arbitrary code and SQL injection attacks simultaneously. Good thing too, because I was starting to run out of things to worry about. [14]

Here’s the list:

[1]
D. Walker-Morgan, “Apple and Amazon reset phone password resets,” The H Security, 08-Aug-2012. [Online]. Available: http://www.h-online.com/security/news/item/Apple-and-Amazon-reset-phone-password-resets-1662721.html. [Accessed: 08-Aug-2012].
[2]
S. Musil, “Apple freezes AppleID password resets requested over the phone,” CNet News, 07-Aug-2012. [Online]. Available: http://news.cnet.com/8301-13579_3-57488782-37/apple-freezes-appleid-password-resets-requested-over-the-phone/. [Accessed: 08-Aug-2012].
[3]
K. Liston, “Blizzard Compromise – what they missed in their user communication,” ISC Diary, 10-Aug-2012. [Online]. Available: http://isc.sans.edu/diary.html?storyid=13870&rss. [Accessed: 10-Aug-2012].
[4]
G. S. Phillips, “Compliance And Proofreading: A Fresh Perspective Is Required,” Dark Reading, 03-Aug-2012. [Online]. Available: http://www.darkreading.com/blog/240004915/compliance-and-proofreading-a-fresh-perspective-is-required.html. [Accessed: 06-Aug-2012].
[5]
M. Honan, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” Gadget Lab, 06-Aug-2012. [Online]. Available: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/. [Accessed: 07-Aug-2012].
[6]
K. Zetter, “How Not to Become Mat Honan: A Short Primer on Online Security,” Wired Magazine, 07-Aug-2012. [Online]. Available: http://www.wired.com/threatlevel/2012/08/how-not-to-become-mat-honan/. [Accessed: 08-Aug-2012].
[7]
P. Wagenseil, “How the iCloud Hack Happened and How to Avoid Being Next,” Scientific American, 07-Aug-2012. [Online]. Available: http://www.scientificamerican.com/article.cfm?id=10-pros-and-cons-of-jailb&print=true. [Accessed: 08-Aug-2012].
[8]
A. Hutton, “Introducing: The RiskFish – Dark Reading,” Dark Reading, 08-Aug-2012. [Online]. Available: http://www.darkreading.com/blog/240005182/introducing-the-riskfish.html. [Accessed: 09-Aug-2012].
[9]
J. Kirk, “Massive payment card upgrade has mixed results in Australia,” Computer World – Security, 06-Aug-2012. [Online]. Available: http://news.idg.no/cw/art.cfm?id=BF8705B0-CAB5-4A44-A768FFBD31161721. [Accessed: 06-Aug-2012].
[10]
D. Wesemann, “Phishing for Payroll with unpatched Java,” ISC Diary, 05-Aug-2012. [Online]. Available: http://isc.sans.edu/diary.html?storyid=13840&rss. [Accessed: 06-Aug-2012].
[11]
M. Rothman, “Pragmatic WAF Management: the Trouble with WAF,” Securosis, 01-Aug-2012. [Online]. Available: https://securosis.com/blog/pragmatic-waf-management-the-trouble-with-waf. [Accessed: 06-Aug-2012].
[12]
M. Rothman, “Pragmatic WAF Management: the WAF Management Process,” Securosis, 03-Aug-2012. [Online]. Available: https://securosis.com/blog/pragmatic-waf-management-the-waf-management-process. [Accessed: 06-Aug-2012].
[13]
T. Wilson, “Republican Filibuster Kills Cybersecurity Act Of 2012 In Senate,” Dark Reading, 05-Aug-2012. [Online]. Available: http://www.darkreading.com/security/news/240005000/republican-filibuster-kills-cybersecurity-act-of-2012-in-senate.html. [Accessed: 06-Aug-2012].
[14]
E. Chickowski, “Serving Up Malicious PDFs Through SQL Injection,” Dark Reading, 09-Aug-2012. [Online]. Available: http://www.darkreading.com/database-security/167901020/security/news/240005188/serving-up-malicious-pdfs-through-sql-injection.html. [Accessed: 09-Aug-2012].
[15]
G. Hinson, “Social engineering trumps Wal-Mart customer service,” (ISC)2 Blog, 09-Aug-2012. [Online]. Available: http://blog.isc2.org/isc2_blog/2012/08/social-engineering-trumps-wal-mart-customer-service.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+isc2Blog+%28%28ISC%292+Blog%29&utm_content=Google+Reader. [Accessed: 10-Aug-2012].
