Sabtu, 15 September 2012

Security Brief: Video Games, Flaws and Botnets


This past week was a busy one in all the departments of the information security industry: websites were hacked, data was leaked, botnets were disrupted, hackers were arrested, and vulnerabilities have been found. But let’s take them one at a time.

Video games have taken up a lot of our time this week. First, a couple of Czech developers from Bohemia Interactive were arrested in Greece because they were caught taking pictures of a military base for the Arma 3 game.

World of Warcraft players were shocked to find out that Blizzard is tracking them via secretly planted watermarks embedded in the screenshots they take.

Also in the gaming section, the developers of Guild Wars 2 admitted that the accounts of at least 11,000 players were taken over by cybercriminals.

Self-proclaimed Anonymous spokesperson and journalist Barrett Brown was arrested while chatting with his fans on TinyChat. The arrest came hours after he published a YouTube video in which he threatened an FBI agent.

After hacktivists learned that Brown was arrested, they leaked the credit card details of 13 US government officials. They also claimed to have published even more such details on carding forums and other underground websites.

A similar protest took place after Anonymous learned that the co-founder of Pirate Bay was arrested in Cambodia. They leaked around 5,000 documents belonging to the Cambodian government.

As far as botnets are concerned, Microsoft proudly announced to have disrupted the activity of Nitol, a threat that spread through unsecure supply chains. Other researchers have identified botnets that rely on the Tor anonymity network to hide their trails.

AlienVault claims to have identified the developer of the PlugX RAT. They say that he’s a “virus expert” from China and they even provided a couple of pictures of the guy.

This week, we also learned that the developers of the BlackHole exploit kit released the 2.0 version. A lot of improvements have been made, but the price remains the same as the one of the 1.x variant.

In the security research department we also had a number of interesting developments. The experts who last year presented the BEAST attack, returned with a similar attack against the TLS protocol. They called it CRIME and even made a video to show how it works.

Other important events: Microsoft released two security bulletins, researchers found that chip-and-PIN cards can be cloned, Security Explorations identified 17 vulnerabilities in IBM Java, and Vulnerability Lab found flaws in Army-approved Fortigate appliances.

As it turns out, the US government may have mistakenly heard you tell your mom that you love her. They might have also (accidentally) seen the emails you sent out to your former boyfriend/girlfriend after you had one too many beers. A US official admitted that an undisclosed number of innocent citizens were monitored.

We also heard some good news. The FTC has started sending out reimbursement checks to the victims of the Google Money Tree scam.

Finally, if you want to read something that will relax you, check out the epic hacks of 2012; the fakes, false rumors and unfounded threats.

Via: Security Brief: Video Games, Flaws and Botnets

Tidak ada komentar:

Posting Komentar