This week in Infosec - 2008-09-08
A snapshot of what’s been talked about in the IT Security realm over the past week.
Threats/Countermeasures
Storm Worm
Inevitably, lots of scam hurricane relief sites are popping up :(
Attack Vectors/Trends
Malware
Malware is morphing much faster than any antivirus can keep up, as evidenced by an ISC handler’s diary entry: “Malware Analysis: Tools are only so good
If you want to be able to sleep at night, don’t rely solely on your AV to keep you save.
News and Analysis
The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
I was perusing some of the data put out by the Shadowserver Foundation that tracks botnets. One piece of information grabbed my eye, namely that over the last 3 months, the number of infected machines quadrupled. During the same time period, there isn’t an appreciable increase in new malware, new viruses or anything that would obviously indicated why this is so.
Google Chrome
Google released a beta of their new Internet browser, Chrome.
A very good overview of the Google Chrome can be found over at SecuraBit.
Naturally, security folks have already been pounding on the product.
Security thoughts: It’s a beta product, what do you expect. Lots of bugs have been discovered.
Privacy minded folks don’t like the EULA that basically says that Google owns everything you do in the browser. Blog posts, sites visited, anything you do in the browser is Google’s.
Naturally, Google is backing away, and vows to change the EULA.
A smattering of vulnerabilities:
- Google Chrome Arbitrary File Download Vulnerability
- Google Chrome Remote Denial of Service Vulnerability
Several exploits for Chrome are showing up in Milw0rm.
See you next week,
Bill