Happy Friday everyone and welcome to this week’s edition of our Weekly News Roundup!
Eliminate Vulnerable Code Project: “Project Finds, Purges Vulnerable Code Snippets From The Net” by Kelly Jackson Higgins in Dark Reading. The article takes a closer look at the Eliminate Vulnerable Code Project. The goal of the community-driven project is to cleanse the public domain of vulnerable code in order to help protect users of open source or publicly available code. Further commentary is provided by Veracode’s VP of Research, Chris Eng, who noted that while this is a worthwhile initiative, the difficulty lies in making the effort scalable. Explaining his concern about scalability, Chris stated, “Even if we set aside open source projects, books, and other sources, the amount of code being posted to Web forums alone is tremendous, and it’s increasing at a rate that far outpaces the bandwidth of qualified application security experts.”
IBM and Siri: “IBM bans Siri: Privacy risk, or corporate paranoia at its best?” by Zack Whittaker at ZDNet. It was announced this week that IBM has banned the use of Siri on its corporate network. When Siri is asked to do something, it uploads what the user said to Apple’s datacenters for processing, where the speech is translated, and the results are sent back to the iPhone via Siri. IBM is concerned that the use of Siri on BYOD phones could expose IBM customer queries and industry secrets to Apple. Apple’s license agreement does not specify how long the information is stored, who can access it, or how often it is accessed.
Android Malware Surges: “Android Malware Surges, Botnet Business Booms” by Matthew J. Schwartz on Information Week. This article follows a report by McAfee that thousands of new malware applications that specifically target Android have appeared this year, and they are trailed by a steady stream of botnet updates. Director of Security Research for McAfee David Marcus says, “Malicious code is on the rise again plain and simple. We are seeing more malware than in the recent past and you can count on that figure to rise in the coming year. In particular, mobile platforms present today’s cybercriminal with an almost irresistible target.” The growth of this risk is so explosive that the number of new malware apps targeted at mobile devices shot from approximately 500 in the fourth quarter of 2011 to over 6,000 in the first quarter of 2012.
Cybersecurity Curriculum: “NSA gets cash to expand cyber expertise” – Finally, Nick Farrell reports on a Thomson Reuters story about the NSA. The National Security Agency has received funding to build up secret intelligence operations positioned against enemies on computer networks. Through a cyber operations curriculum taught at selected universities, the NSA will create basic education for jobs in intelligence, the military, and law enforcement. Don’t plan on just popping into a class though – apparently the course is so secret that it will only be revealed to select students at an extremely small number of facilities. Out of the 20 that applied to participate, only Northeastern University, Dakota State University, the Naval Postgraduate School, and the University of Tulsa were granted the designation of “Centre of Academic Excellence in Cyber Operations.”