Google indexes 86K+ printers accessible from Internet

Printers on the Internet = total fail!  Funny article by ZDNet's Zack Wittaker.

Whoops: Google indexes more than 86,000 HP 'public' printers
http://cdn-static.zdnet.com/i/r/story/70/00/010352/screen-shot-2013-01-25-at-12-49-20-v1-530x259.png?hash=ZzHmLJEzBT&upscale=1

Cyber Warfare and the Mutually-Assured Destruction of Cyberspace

I frequently read the writings of Lenny Zeltser; he's a smart guy who always has something interesting to say.  He posted a short entry on his blog in July of 2012 stating his theory of how countries will use the principle of mutually-assured destruction to deter each other from a major world war in cyberspace.
Worth a read, check it out here:
http://blog.zeltser.com/post/27846821868/mutually-assured-destruction-in-cyberspace

NON-SECURITY: Definition of 'sale'?

I was doing some grocery shopping the other day and while in the beer isle I noticed a great 'deal'.

Sure would like to know what their definition of 'sale' is.  lolz

Windows 8 Runs 7-Year Old Malware (ouch)

One of the key points being marketed about Windows 8 is that it has much better security built into it than previous versions. I find it interesting that Microsoft will be releasing critical patches already.

Anyway, the fine folks at Bitdefender Labs decided to test Windows 8 against some malware and have posted the results. What they found is trully astonishing and I suspect Microsoft isn't going to be thrilled with it.

http://labs.bitdefender.com/2012/11/newest-windows-version-runs-oldest-malware-still-in-wildcore/

2008 Malware Challenge Revisited

My buddy Tyler Hudak has posted our a malware challenge contest that we ran in 2008.  We thought it would be a good idea to give those who haven't tried it an opportunity to do so.

Check out the challenge here at Security Shoggoth's blog:
http://secshoggoth.blogspot.com/2012/11/2008-malware-challenge.html#links

Wired writers digital life hacked...and wiped

A few weeks ago Wired magazine writer Mat Honan's digital life was completely erased.  The attacker was able to do this in only one hour.  The hack exposed some weaknesses in Apple and Amazon's password reset processes.  These holes have since been closed.

I feel bad for Mat, but this story serves as a good learning lesson in areas such as:

• Password resent processes
• Helpdesk personnel training
• Connecting everything with one email account
• Backing up your files

Articles:
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

Video by Matt:
http://www.wired.com/gadgetlab/2012/08/mat-honan-video/
 

Free Local Cleveland Security Event July 13th

Security B-Sides is coming to Cleveland again this year on July 13, 2012. One full day of interesting talks....for FREE! You don't want to miss it. Hurry, seating is limited!

Security B-Sides Cleveland When: Friday, July 13, 2012 Where: Embassy Suites Cleveland - Rockside Address: 5800 Rockside Woods Boulevard, Independence 44131 Cost: Free (as always!)

It is co-sponsored by the Northeast Ohio Information Security Forum (NEOISF.ORG).

Apple & Android Mobile Application Steals Phonebook

I thought I'd share with you a recent blog post from the good folks @ Kaspersky Labs spotlights a suspicious mobile application that they discovered.

The application is called "Find and Call" and is on the iOS Apple App Store and Android’s Google Play that performs malware-type behaviors. It appears to act like a trojan that uploads a user’s phonebook to remote server which results in your contacts receiving SMS spam.

Check out their blog post detailing what they found.

http://www.securelist.com/en/blog/208193641/Find_and_Call_Leak_and_Spam

Receive an email from Google? Your website might be hacked

As you know Google scans the websites on the Internet regularly. So it only makes sense that they are able to detect when sites have been hacked. Recently they have notified the webmasters of 20,000 websites where code on the sites redirect visitors to a malicious site. The code they look for in this latest scan is an eval() function used to execute Javascript.

The email provides a link to a page with instructions on how to clean the website: Google's Webmaster Tools support page.

I applaud Google's efforts and would like to see them continue this. A part of me, though, wonders how long until spammers start sending out fakes notices with link to their malicious site. Maybe they should just tell people to visit their search site and search for removing eval function from website -- I'm pretty sure they have the ability to redirect users to their fix page. ;)

This article talks about this item in further detail. http://www.h-online.com/security/news/item/Google-warns-the-operators-of-thousands-of-hacked-web-sites-1542374.html

Un-stealthify short links

Have you seen a short link and wonder where it leads to, without visiting it? You never know where it will take you. We all use these services ourselves for legitimate purposes but we also know there have been and continue to be numerous attacks using these link shortening services.

Well unlike Kiss' Unmasked album, where the band doesn't show their faces as promised,

I recently found a very handy website that will show you where that short link leads to. This website gives you a way to see the link without having to visit it directly. Check it out.

http://unshorten.com/