[Owasp-cincinnati] Selected Security News For The OWASP List

Marco M. Morana marco.m.morana at gmail.com
Thu Sep 16 20:59:44 EDT 2010 

OWASP

New OWASP mobile project open for contribution here
https://lists.owasp.org/mailman/listinfo/owasp-mobile-project. 

 

InfoSec And AppSec news

 

Google Admits Firing Engineer Over Data Breach

According to The Wall
<http://www.foxbusiness.com/topics/business/wall-street-dow.htm>  Street
Journal, Bill Coughran, senior vice president of engineering, confirmed the
firing of software engineer David Barksdale for "breaking Google's strict
internal privacy policies."

http://www.foxbusiness.com/markets/2010/09/15/google-admits-firing-engineer-
data-breach/

 

Want To Nuke A Website? A Botnet For Hire.. a commercial botnet has been
<http://www.damballa.com/IMDDOS/>  established by a China-based managed
services provider (MSP) for anyone wishing to take down a website using
Distributed Denial of Service attacks.

http://www.tomsguide.com/us/botnet-IMDDOS-Damballa-MSP-cyber-hitmen,news-802
3.html

 

New commercial DDoS botnet discovered

Researchers have discovered a fast-growing botnet that was designed as part
of a commercial service for launching distributed denial-of-service (DDoS
<http://www.scmagazineus.com/search/ddos/> ) attacks against any target.

http://www.securecomputing.net.au/News/232181,new-commercial-ddos-botnet-dis
covered.aspx

 

Mexican Twitter-controlled botnet unpicked

Security researchers have discovered another botnet that uses Twitter as a
command and control channel.

http://www.theregister.co.uk/2010/09/15/mexican_twitter_botnet/

 

Secure App Development Can Lead To Cost Savings, Study Says

"The study found that companies are realizing substantial benefits from
[secure software assurance] right out of the box, saving as much as $2.4M
per year from a range of efficiency and productivity improvements, including
faster, less-costly code scanning and vulnerability remediation, and
streamlined compliance and penetration testing," the report says.

http://www.darkreading.com/vulnerability_management/security/app-security/sh
owArticle.jhtml?articleID=227400302

 

[ISN] Fraud At Sprint Offers Lessons For Enterprises, Experts Say

Last week, nine Sprint employees were charged with misusing their access to
the telecommunications giant's systems to redirect phone charges to other
customers by "cloning" their cell phones -- to the tune of more than $15
million in fraudulent charges in the first six months of this year.

http://www.darkreading.com/insiderthreat/security/management/showArticle.jht
ml?articleID=227300424

 

80% of network attacks target web-based systems

2010 has brought the use of the Internet for conducting business to an
all-time high; however, attacks continue to strike networks more than ever
by using sophisticated techniques.

http://www.net-security.org/secworld.php?id=9880

 

SQL Injection Attacks, A Growing Menace

Cisco, in its worldwide threat report (Q2-2010), discloses that there has
been a significant rise in IPS SQL injection attacks during the 3-months
time when websites, hijacked through SQL insertions, surged.

http://www.spamfighter.com/News-15078-SQL-Injection-Attacks-A-Growing-Menace
.htm

 

Product Watch: New Tool Moves Browser Into Virtual Environment For Security

Invincea, a security firm originally funded by the Defense Advanced Research
Projects Agency (DARPA) to build a prototype virtualized browser, today
rolled out a Windows application that places Internet Explorer (IE) into a
virtual environment in order to protect the underlying system from Web-based
attacks

http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID
=227400269

 

HTTP Strict Transport Security (HSTS) is a proposed web security policy
mechanism where a web server declares that complying user agents (such as a
web browser <http://en.wikipedia.org/wiki/Web_browser> ) are to interact
with it using secure connections only (such as HTTPS
<http://en.wikipedia.org/wiki/HTTP_Secure> ).

http://en.wikipedia.org/wiki/Strict_Transport_Security

 

 

Marco Mirko Morana

OWASP Cincinnati USA Chapter Lead

Writing Secure Software Blogger

Application Threat Modeling Book Author

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20100916/7d54e982/attachment.html

More information about the Owasp-cincinnati mailing list