The main information security events of the week between October 22 and October 28

Oct 28, 2012 02:31 GMT  ·  By

This week, most security solutions providers rushed to released their reports for the third quarter of 2012. Besides some interesting statistics about spam, malware and phishing we’ve also learned about a number of noteworthy vulnerabilities that affect various “products.”

One of the most interesting vulnerabilities revealed this week was the denial-of-service (DOS) flaw that affected Broadcom BCM4325 and BCM4329 wireless chipsets. That’s because these chips can be found in some popular products made by Apple, Samsung, HTC, Motorola, Acer, Asus, Sony Ericson and even Ford (the car manufacturer).

This week, the United States Computer Emergency Readiness Team released a report to warn companies about the use of weak Domain Keys Identified Mail (DKIM) verifiers which can be utilized by cybercriminals to cleverly spoof emails.

The flaw was initially identified by mathematician Zachary Harris and it’s said to affect not only Google, but also Amazon, PayPal, Yahoo!, eBay, Apple, Twitter and even some financial institutions.

An interesting security hole was detected in airline boarding passes. In theory, the design flaw allows anyone with the technical know-how to determine if they’ll undergo proper screening before boarding an airplane.

Finally, some interesting vulnerabilities in the use of SSL have also been identified by both German and US university researchers.

The Q3 2012 reports released this week by various companies contain highly interesting details about what happened in these past few months on the cyber security front. We’re not going to go into details now, but the studies released by Panda, the Anti-Phishing Working Group (APWG), Host Exploit, Commtouch, Kaspersky, SplashData and FireHost are all worth checking out.

As far as hacks go, Anonymous hackers claim to have breached the systems of Italy’s State Police, leaking around 1.3 gigabytes worth of information stolen from their computers.

Izz ad-Din al-Qassam Cyber Fighters – the hacktivists responsible for attacking US banks – have been quiet all week. They are celebrating Eid al-Adha so they’ve taken a break from launching DDOS attacks.

In the cybercrime department, renowned bookstore Barnes and Noble took the spotlight after hackers breached the keypads of point of sale devices from 63 stores (one device at each location). They have stolen credit card information which they've already started utilizing to make fraudulent purchases.

Finally, some controversial “Anonymous” hackers know as Fawkes Security wanted to promote Operation Jubilee by releasing a video in which they claimed to have planted a bomb in a US government building.

We also have some noteworthy stories in the miscellaneous section.

Researchers from Security Explorations – the ones famous for finding vulnerabilities in Java, among other things – revealed that they were unhappy with Oracle’s decision to address a Java SE vulnerability only in February 2013.

Despite the fact that it affects around one billion users, Oracle claims that it can’t release a patch because a lot of integration testing is needed. However, the experts proved that a fix for the bug can be made in around 30 minutes.

On Friday, we learned that US copyright regulators declared copying DVDs and modding video game consoles still illegal.

Finally, US Defense Secretary Leon Panetta told reporters at a press conference why Iran was the main suspect in the Saudi Aramco attacks. Apparently, there are only a few countries which could have developed the malware that was utilized in the malicious operation.