Trending Security News

The big security news this week focused on the security breach of Dutch certificate authority DigiNotar, a subsidiary of Chicago-based Vasco Data Security. This significance of the event was underscored when it was announced that one of the certificates affected by the breach was for Google.com. ReadWriteHack summed up industry concerns with its headline: SSL Certificates: What’s Left to Trust?  Organizations swiftly responded to block potentially bad certificates from the event, while a wide discussion was opened on how to better secure fundamental resources on the Internet.

DigiNotar

• Fraudulent DigiNotar SSL Certificate – US-CERT
• Fraudulent Google certificate points to Internet attack- CNET
• Google users in Iran targeted in SSL spoof – CNET
• Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued – Darkreading
• Google.com spoof triggers scramble to clean up – ZDNet
• Dutch Site Claims Mozilla, Yahoo, Wordpress, Tor Project All Targets in DigiNotar Attack – Threat Post
• World ostracizes firm that issued bogus Google credential  - The Register
• SSL Certificates: What's Left to Trust? – ReadWriteHack
• Comodo, DigiNotar Attacks Expose Crumbling Foundation of CA System – Threat Post

Security Research & Intelligence

• Top cyber security concerns: Malicious code, employees run amok – InfoWorld
• Seven Crucial Identity And Access Management Metrics – Dark Reading
• Facebook Pays Out $40,000 in Bug Bounties in First Month – Threat Post
• Nations with low malware rates have better ISPs, Microsoft research finds – Techworld

Cyber Threat

• US energy grid vulnerable to cyber attacks – MSNBC
• The Leaky Nature of Online Privacy – Slate
• Researchers Uncover The Email That Led To The RSA Hack – Dark Reading
• Ex-Anon: Good liars undermine information security – CSO Online
• Nokia's Developer Website Hacked, User Data Compromised – Forbes
• UK arrests two suspected Anonymous hackers – MSNBC
• Kernel.org Linux Site Compromised – Threat Post
• Worried about sophisticated attacks, agencies ignore low-tech threats – Government Computer News
• Hackers Push Sipvicious VoIP Tools In Malicious Attacks – Threat Post

Government, Legislation & Policy

• GAO: Conflicting orders have led to confusion over DOD’s cyber strategy – The Hill
• Dutch Government Scrambling To Reassure Citizens About Security Of Digital ID System – Threat Post
• Data privacy 'should be taught in schools – CIO UK

Blog Picks

• TaoSecurity Security Effectiveness Model – TaoSecurity (Richard Bejtlich's blog)
• The Good, Bad, and Ugly of Technology Acquisitions – Amrit Williams blog
• Fact-Based Network Security: Compliance Benefits – Mike Rothman / Securosis

Microsoft Research, Papers and Media

• Cybersecurity/Internet Health
  • Rethinking the Cyber Threat (paper)
  • Collective Defense: Applying Public Health Models to the Internet (paper)
  • Video: Collective Defense: Enabling Healthy Devices (video)
• Security Intelligence
  • Battling the ZBot Threat (paper)
• Trustworthy Computing
  • Imagine Video: Microsoft Trustworthy Computing (video)
• Cybersecurity/Trusted Supply Chain:
  • Supply Chain Risk Management keynote at the East-West Institute’s Second Worldwide Cybersecurity Summit (video)
  • Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust (paper)
  • Toward a Trusted Supply Chain: A Risk Based Approach To Managing Software Integrity (paper)