A selection of this week’s more interesting vulnerability disclosures and cyber security news. Quite an interesting stream of news this week; however, my choices focus on threat management. The first one, which is quite alarming and not at all funny, shows an example of someone who didn’t accept reasonable proof of account ownership for a password reset, something many of us face with public websites:
It’s extreme for sure, though this next article does remind us that the threats are still there and not going away, and that they are likely going to be more forceful:
- Just because you’re paranoid doesn’t mean hackers aren’t going to nuke your employer into the ground tomorrow
And here is one that brings such fears home…
Stay paranoid folks!
The rest of the news:
- I found a security hole in Steam that gave me every game’s license keys and all I got was this… oh nice: $20,000
- Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2: Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.
- Scumbag who called a Call of Duty “swatting” that ended in death pleads guilty to dozens of criminal charges (The Register)
- Super Micro chief bean counter: Bloomberg’s “unwarranted hardware hacking article” has slowed our server sales
- U.S. Chip Cards Are Being Compromised in the Millions: A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes.
- UK: Six month prison sentence for motor industry employee in first ICO Computer Misuse Act prosecution