Trending Security News

DigiNotar continued to reverberate through the industry this week. Companies scrambled to block and eliminate potentially compromised certificates. Meanwhile security experts took time to ponder what the event meant for security going forward. This led to headlines that included: Are Digital Certificates Doomed? and Cracked digital certificates endanger 'web of trust'. Against this backdrop, and other security breach stories that have been with us this year, law makers in Washington, D.C. held hearings that inspired headlines including: Senate Considers Using Mob Law To Go After Cybercriminals and Treat Hackers As Organized Criminals, Says Government. These suggestions resonate with the Threat Post article Cybercrime Profits Approaching Those Of The Drug Trade?

DigiNotar

• Hacking in the Netherlands Took Aim at Internet Giants – New York Times
• Why Diginotar may turn out more important than Stuxnet – Securelist
• Digital Certificate Hacking Scandal Roils Dutch Public – Wall Street Journal
• Cracked digital certificates endanger 'web of trust' – MSNBC
• Are Digital Certificates Doomed? – InformationWeek
• Are Some Certificate Authorities Too Big To Fail? – Threat Post
• Comodo hacker: I hacked DigiNotar too; other CAs breached – Ars Technica
• Burned by DigiNotar, Mozilla tells cert cops to audit security – The Register
• Apple Silent on DigiNotar Certificates Hack – PC World
• Microsoft flips 'kill switch' on all DigiNotar certificates – Computerworld
• Adobe Says It Is Breaking Ties To DigiNotar – Threat Post
• DigiNotar SSL certificate hack amounts to cyberwar, says expert -- Guardian
• DigiNotar certificates are pulled, but not on smartphones – Computerworld
• GlobalSign Investigation Continues, Some CA Services to Return Monday – Threat Post

Security Research & Intelligence

• Who’s Behind the TDSS Botnet? – Krebs on Security
• 10 years after 9/11, cyberattacks pose national threat, committee says – Computerworld
• Facebook hacking tool hacks hackers – MSNBC
• Hackers may target cars next, McAfee says – CNET
• Symantec finds 15% of Facebook videos are likejacking attacks – ZDNet
• Cybercrime Profits Approaching Those Of The Drug Trade? – Threat Post

Cyber Threat

• Patient Data Posted Online in Major Breach of Privacy – New York Times
• Stanford Hospital Breach Exposes 200,000 ER Records – InformationWeek
• How Hacktivism Affects Us All – PC World
• 2011 DDoS Botnet Landscape – Threat Post
• Inside The Booming Botnet Industry – InformationWeek
• RSA Spearphish Attack May have Hit US Defense Organizations – CIO
• Russia-based child porn scam hijacks PCs – MSNBC
• Evidence of Infected SCADA Systems Washes Up in Support Forums – Threat Post
• Data breach risks: Not just the insider threat – CSO Online

Government, Legislation & Policy

• Senate Considers Using Mob Law To Go After Cybercriminals – Threat Post
• Treat Hackers As Organized Criminals, Says Government – InformationWeek
• Senators Push for Changes in Cybercrime Law – CIO
• Advanced threats perplex cyber defense efforts, panel says – Government Security News
• 7 Key Homeland Security IT Developments Since 9/11 – InformationWeek

Blog Picks

• VMware’s vShield – Why It’s Such A Pain In the Security Ecosystem’s *aaS… - Chris Hoff
• Data Security Lifecycle 2.0 – Securosis
• Do we know how to make software? – Jeremiah Grossman

Microsoft Research, Papers and Media

• Cybersecurity/Internet Health
  • Rethinking the Cyber Threat (paper)
  • Collective Defense: Applying Public Health Models to the Internet (paper)
  • Video: Collective Defense: Enabling Healthy Devices (video)
• Security Intelligence
  • Battling the ZBot Threat (paper)
• Trustworthy Computing
  • Imagine Video: Microsoft Trustworthy Computing (video)
• Cybersecurity/Trusted Supply Chain:
  • Supply Chain Risk Management keynote at the East-West Institute’s Second Worldwide Cybersecurity Summit (video)
  • Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust (paper)
  • Toward a Trusted Supply Chain: A Risk Based Approach To Managing Software Integrity (paper)