This Week In Computer Security

This week in computer security wasn’t as rough as in weeks past, with few major breaches or attacks of note.  The real news this week comes in the form of leaked documents, exploits, and emails and an interesting operating system supposedly from the Anonymous collective.

Anonymous OS:

Anonymous supposedly released an eponymous operating system containing tools such as the Low-Orbit Ion Cannon (LOIC) and a few other DDOS tools as well as a suite of anonymization and hacking tools.  Unfortunately it was reported that the Ubuntu-based operating system was riddled with trojan and other malicious software.  Many Anonymous elements on twitter were asking potential users not to risk downloading it.  These suspicions caused Sourceforge to investigate the project and later remove it for “transparency” reasons on the part of the author.  It had about 37000 downloads when it was removed.
Read more here: http://www.theregister.co.uk/2012/03/16/anon_os_trojan_fears/

Syrian President’s Emails Exposed:

Syrian opposition forces gained access to the private emails and passwords of Bashar al-Assad for such services as iTunes and more through what they called an internal source.  These emails were leaked by the Guardian (http://www.guardian.co.uk/world/series/assad-emails-the-documents) and detail some expenditures, questionable photos, and some insights into the Syrian uprisings.  Hacks such as this further illustrate the role that information warfare can take in modern conflicts.
More here: http://in.reuters.com/article/2012/03/16/syria-hacking-idINDEE82F0HX20120316


Microsoft Security Leak?

The security community is worried that there may be a leak in a Microsoft security program designed to release exploits to companies enrolled in the program.  These companies are responsible for the security for many clients or are responsible for maintaining security products.  Each member of the program is supposedly vetted and maintains Non-disclosure agreements related to the disclosure of exploits.  Unfortunately, a leaked exploit proof-of-concept containing the exact packet used in the report from a security researcher has ended up on a Chinese-language forum.  This may indicate a compromise at Microsoft or a leak.
Read More Here: http://www.zdnet.com/blog/security/exploit-code-published-for-rdp-worm-hole-does-microsoft-have-a-leak/10860

CTOvision Pro Special Technology Assessments

We produce special technology reviews continuously updated for CTOvision Pro members. Categories we cover include:

  • Analytical Tools - With a special focus on technologies that can make dramatic positive improvements for enterprise analysts.
  • Big Data - We cover the technologies that help organizations deal with massive quantities of data.
  • Cloud Computing - We curate information on the technologies enabling enterprise use of the cloud.
  • Communications - Advances in communications are revolutionizing how data gets moved.
  • GreenIT - A great and virtuous reason to modernize!
  • Infrastructure  - Modernizing Infrastructure can have dramatic benefits on functionality while reducing operating costs.
  • Mobile - This revolution is empowering the workforce in ways few of us ever dreamed of.
  • Security  -  There are real needs for enhancements to security systems.
  • Visualization  - Connecting computers with humans.
  • Hot Technologies - Firms we believe warrant special attention.

 

Recent Research

Tech Firms Seeking To Serve Federal Missions: Here is how to follow the money

Creating The New Cyber Warrior: Eight South Carolina Universities Compete

Mobile Gamers: Fun-Seeking but Fickle

Update from DIA CTO, CIO and Chief Engineer on ICITE and Enterprise Apps

Pew Report: Increasing Technology Use among Seniors

Finding The Elusive Data Scientist In The Federal Space

DoD Public And Private Cloud Mandates: And insights from a deployed communications professional on why it matters

Intel CEO Brian Krzanich and Cloudera CSO Mike Olson on Intel and Cloudera’s Technology Collaboration

Watch For More Product Feature Enhancements for Actifio Following $100M Funding Round

Navy Information Dominance Corps: IT still searching for the right governance model

DISA Provides A milCloud Overview: Looks like progress, but watch for two big risks

Innovators, Integrators and Tech Vendors: Here is what the government hopes they will buy from you in 2015

solid
About BryanHalfpap

Bryan Halfpap is a software programmer, technology analyst and writer and a driving force behind the security reporting at CTOvision.com He is a frequent speaker at events and conferences including Defcon. You can find him on twitter: @crypt0s