[OPLIN 4cast] OPLIN 4Cast #300: Threatening innovations

Editor editor at oplin.org
Wed Sep 19 10:30:07 EDT 2012 

Email not displaying correctly? View it in your browser. 
<http://www.oplin.org/4cast/>
OPLIN 4Cast

OPLIN 4Cast #300: Threatening innovations
September 19th, 2012

You have to admit, the people who try to take over your computer or 
steal your private information for their own shady purposes are 
undoubtedly inventive. It seems as if every month they develop at least 
one surprising new major exploit of computers and the Internet, and 
recently they have been more active 
<http://www.securityweek.com/mcafee-sees-biggest-increase-malware-attacks-last-four-years> 
than they have been for years. We're seeing news stories about routers 
turned into botnet clients, government-built viruses (just who are the 
good guys?), and new PCs shipped pre-infected with malware. And what the 
heck is a UDID anyway?

  * Router botnets are more of a reality than you think
    <http://www.securityweek.com/router-botnets-are-more-reality-you-think>
    (SecurityWeek/Steve Ragan) "Unfortunately, those are just some of
    the ways to maliciously flash a router without anyone being the
    wiser. Updated firmware (as in ensuring the device is current on the
    latest version) can help in some cases but not all, as attacks that
    target retained settings within the device's memory can still lead
    to compromise. In the end, using an open router within an active
    SOHO [Small Office/Home Office] environment will come down to risk
    tolerance. If the business is ok with the risk, no need to worry."
  * Cyber clues link U.S. to new computer viruses
    <http://www.reuters.com/article/2012/09/17/usa-security-viruses-idUSL1E8KEJBV20120917>
    (Reuters/Jim Finkle) "The United States has already been linked to
    the Stuxnet Trojan that attacked Iran's nuclear program in 2010 and
    the sophisticated Flame cyber surveillance tool that was uncovered
    in May. Anti-virus software makers Symantec Corp of the United
    States and Kaspersky Lab of Russia disclosed on Monday that they
    have found evidence that Flame's operators may have also worked with
    three other viruses that have yet to be discovered."
  * Microsoft disrupts the emerging Nitol botnet being spread through an
    unsecure supply chain
    <http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx>
    (Official Microsoft Blog/Richard Domingues Boscovich) "The discovery
    and successive action against the Nitol botnet stemmed from a
    Microsoft study looking into unsecure supply chains. The study
    confirmed that cybercriminals preload malware infected counterfeit
    software onto computers that are offered for sale to innocent
    people. In fact, twenty percent of the PCs researchers bought from
    an unsecure supply chain were infected with malware."
  * What's the big deal with iPhone UDIDs?
    <http://arstechnica.com/apple/2012/09/ask-ars-whats-the-big-deal-with-iphone-udids/>
    (Ars Technica/Chris Foresman) "The UDID [Unique Device Identifier]
    could be used as a sort of 'anonymized' token. However, many
    developers connected a UDID with users' real names, user names,
    passwords, location, or other data. While the UDID alone would be of
    little use to hackers or identity thieves, network snoopers could
    correlate these UDIDs with other data gleaned from multiple apps,
    which privacy advocates believe is plenty to home in on a particular
    person."

*/Malware fact:/*

According to McAfee Labs 
<http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2012.pdf> 
[pdf], more than eight million new kinds of malware were launched in the 
second quarter of 2012.
------------------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent headlines, topics, 
and trends that could impact public libraries. You can subscribe to it 
in a variety of ways, such as:

  * *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
    subscribing to the following URL:
    http://www.oplin.org/4cast/index.php/?feed=rss2.
  * *Live Bookmark.* If you're using the Firefox web browser, you can go
    to the 4cast website (http://www.oplin.org/4cast/) and click on the
    orange "radio wave" icon on the right side of the address bar. In
    Internet Explorer 7, click on the same icon to view or subscribe to
    the 4cast RSS feed.
  * *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
    OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
    http://mail.oplin.org/mailman/listinfo/OPLIN4cast.


OPLIN 4Cast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20120919/687d382b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kubrickheader.jpg
Type: image/jpeg
Size: 38379 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20120919/687d382b/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: malware.png
Type: image/png
Size: 21581 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20120919/687d382b/attachment-0001.png>

More information about the OPLIN4cast mailing list