What a busy week for the internet! With topics from attacks and hacks to protests, bloggers have been busy covering the most recent news in the cyber security industry, and we are here to wrap it all up. The following are some of this week’s biggest headlines, along with some of the best commentary on them, enjoy!
1. Zappos Attack: “Zappos Breach Notice: Lessons Learned,” by Tom Field (@SecurityEditor). Field interviews a privacy attorney as she provides her analysis and opinion of Zappos’ response. Points of interest include the decision to shut down the customer service phone lines and denying non-US locations access, the tone and language of the notice, and incident response planning advice for all organizations.
2. T-Mobile Information Leak: “Website weaknesses at fault in T-Mobile hacktivist attack,” by Robert Westervelt, (@rwestervelt). A group calling itself TeaMpOisoN, claimed to have employed SQL Injection in order to attack T-Mobile’s server and gain the names, email addresses, phone numbers, and passwords of employees, which they then posted online. This event occurred a week after Bill Bonnie, T-Mobile’s VP of Information Security, was on a panel focused on understanding the nature and breadth of threats facing organizations.
3. The Tenth Anniversary of Bill Gates’ Trustworthy Computing Memo: Christopher Budd (@ChristopherBudd) recaps the effects of the memo, and provides a unique insider’s view of the impact it had on Microsoft with “10 years after Bill Gate’s Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one.” David Coursey (@techinciter) muses on the situation today in his post “10 Years After Gates’ Trustworthy Computing Memo, We’re No Better Off,” , stating that “Gates’s ‘eventually’ is still on the horizon.”
4. Google Releases Chrome’s Security Principals: a ZDNet article, “Google shares Chrome browser security principals,” by Ryan Naraine (@ryanaraine), examines Chrome features that help keep hackers away. Following the editorial which highlights Chrome’s sandbox architecture, use of anti-exploit technologies, and a publically documented security handling process, an interesting stream of comments follows.
5. Oracle Critical Patches: Also by Ryan Naraine, “Oracle to ship 66 critical security patches” reports on Oracle’s most recent round of vulnerability fixes, six of which affect its flagship database server, and two of which are labeled as “high risk,” due to a successful attack that caused a significant threat.
6. Symantec Source Code Breach: “Symantec source code breach saga continues,” by Paul Ducklin (@duckblog). Details of Symantec’s new admission of a 2006 hack that lead to the capture of the source code for several of their leading commercial and enterprise products. The Head of Technology, Asia Pacific for Sophos provides his perspective on the occurrences.
Is there anything we missed? As always, please share your thoughts and comments with us and enjoy your weekend!