Thursday, November 18, 2010

The Cloud Security Newsletter - November 2010 Edition

The Cloud Security Newsletter
The most trusted source for security and IT professionals
November 2010 Edition
LEAD STORY OF THE MONTH
Free Tool That Allows Consumers To Protect Against Firesheep Security Threat

On November 8, 2010, Zscaler released BlackSheep, a free Firefox plugin that gives immediate protection against the highly publicized "Firesheep" security threat. Firesheep lets others surreptitiously "hijack" your user session, without your knowledge or consent, after you log in to Gmail or to popular social networks such as Facebook and Twitter. Released by developer Eric Butler at the Toorcon security conference in October, Firesheep is a free Firefox plugin that anybody can obtain, and it was downloaded over 100,000 times in the first 24 hours alone.
 
"We essentially used Firesheep against itself to combat the threat it poses," said Julien Sobrier, senior researcher at Zscaler Labs and developer of the new BlackSheep plugin. "In fact, BlackSheep leverages much of the Firesheep code, but the twist is that rather than being used to hijack sessions, it instead detects when a session is being hijacked and alerts the user."
 
TECH TALK
The "movie" rings
If you've recently looked for information on a movie or its trailer, you've probably stumbled upon a website that claims to provide free streaming or downloads. The promise of these sites is rather dubious, since this activity would be illegal, and the sites do not actually host any movie files. If a user clicks on the "Download Now" button, he is redirected to "movie-watching-site.com" and then, after a few seconds, automatically to "www.movie-watching-site.com.powered-by.securewebsiteaccess.com". There, the user is asked to download the browser plugin ClickPotato. This executable is actually popular spyware known as Hotbar, currently undetected by 60% of AV vendors.
 
SECURITY INNOVATIONS
Critical Microsoft Internet Explorer 0day Vulnerability Used in Targeted Attacks
Aside from the monthly patch cycle on November 9, Microsoft also released a security advisory about a critical 0day vulnerability in Internet Explorer that is being used in targeted attacks to install a backdoor on vulnerable systems. The attacks begin with an email campaign that social-engineers victims into visiting an otherwise legitimate website that has been compromised to host the 0day exploit. The exploit was designed for Internet Explorer 6 and 7, although IE 8 is also vulnerable. Microsoft has published recommended workarounds, but a patch is not presently available and it is not known when one will be issued. Zscaler immediately implemented protections for its customers and is continuing to monitor the issue.
 
EDUCATIONAL RESOURCES
Essential Guide to Cloud Security
The guide provides a wealth of data points, definitions and statistics to address the key challenges that CISOs are facing as a result of the adoption of these trends. Its main focus is the necessity of using Cloud Computing as a component of a comprehensive security strategy. It explains how a Cloud Security Architecture can mitigate new threats and enable organizations to manage their business more securely. Today's global economy demands maximum flexibility and agility from businesses: new business opportunities, fast-moving security threats and on-demand computing all mandate an on-demand approach to information security. We hope that this guide will provide you with insight and inspiration as to how you can incorporate Cloud Computing into your security strategy and enable a "future ready" organization.
 
NEWS HIGHLIGHTS
Software engineer blogs own Starbucks wiretap
The Register
"... I'd collected somewhere between 20 and 40 identities." Most were Facebook identities. So Gary started sending people messages from their own Facebook accounts warning them he had just hijacked their Facebook accounts.
 
SC Magazine Lists Zscaler as Finalist for Best Web Content Management Product
SC Magazine
As part of the IT security industry's leading global awards program, SC Magazine Awards U.S. was organized to honor the professionals, companies and products that help fend off the myriad security threats confronted in today's corporate world.
 
Lethic Botnet Returns, Uses "Realtek" Identifier
Zscaler Blog
Remember Stuxnet? Chances are you do – a few months back there was a worm that spread over USB using the 0-day .LNK vulnerability (CVE-2010-2568) and targeted Siemens SCADA systems. In recent days, I have seen malware with Realtek Semiconductor Corp. signature information. Specifically, it has been of the Trojan Lethic / Ddox malware family.
 
SECURITY PRACTITIONER'S COLUMN
La-Z-Boy Embraces Cloud Based Web Security
Founded in 1927, La-Z-Boy Inc. is one of the world's leading residential furniture producers and has 70 stores around the USA. La-Z-Boy's legacy web solution greatly increased latency, because all traffic was backhauled to headquarters, and it frustrated managers because there was little visibility into resource usage within the organization or into inappropriate leisure browsing by users. Craig Vincent, IT Network Services Manager, chose cloud security as an efficient, cost-effective solution to these web security problems, one that allowed the IT department to return its focus to the core functions of the company.
 
Copyright 2010 Zscaler, Inc.
392 Potrero Avenue, Sunnyvale, CA 94085 | 1.866.902.7811 | webcast@zscaler.com.