
Google is globally switching its search to HTTPS by default

  • Post author: Omid Farhang
  • Post published: March 9, 2012
  • Reading Time: 1 min
  • Word Count: 127 words

The H-Online: Google has announced on its Inside Search blog that it is enabling SSL encryption by default on its global search pages. The US site Google.com has been switching users to the secured HTTPS protocol since last year and now, to improve security and privacy for all its users, the company is rolling the behavior out to its international properties such as google.co.uk. As is the case on the US site, this only affects users who are signed into their Google account when visiting the site. The company expects to roll out this feature to the different local Google search pages “over the next few weeks”. Google hopes that this move will encourage other companies to adopt SSL more broadly across their web sites as well. ...


New automated sandbox for Android malware

  • Post author: Omid Farhang
  • Post published: March 4, 2012
  • Reading Time: 1 min
  • Word Count: 110 words

ISC Diary: One of the things that I’ve been working on lately is building an automated malware analysis environment to handle Android malware similar to the one I built for Windows malware. I’m not quite there yet, but I was quite pleased to hear about the new service being offered by the folks at Die Universität Erlangen-Nürnberg. This is still a research project, so if you choose to use it, be understanding. Don’t expect 24×7 uptime and let’s try not to DoS them. That said, I’m looking forward to seeing how well it works and how the dynamic analysis will work once it is actually in production. ...


Hackers had ‘full functional control’ of Nasa computers

  • Post author: Omid Farhang
  • Post published: March 3, 2012
  • Reading Time: 2 min
  • Word Count: 381 words

BBC: Hackers gained “full functional control” of key Nasa computers in 2011, the agency’s inspector general has told US lawmakers. Paul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and “compromised the accounts of the most privileged JPL users”. He said the attack, involving Chinese IP addresses, was under investigation. In a statement, Nasa said it had “made significant progress to protect the agency’s IT systems”. ...


New privacy guidelines for mobile app developers

  • Post author: Omid Farhang
  • Post published: March 2, 2012
  • Reading Time: 3 min
  • Word Count: 626 words

SophosLabs: This week has seen the annual Mobile World Congress event. For 2012, the giants of the mobile tech world are back in Barcelona to captivate the imagination of the tech press with their latest smartphone and tablet offerings. The mobile industry trade show has certainly not disappointed. Announcements of smartphones with new quad core processors, phone cameras with huge numbers of megapixels crammed onto its sensor and 3 in 1 smartphone-tablet-netbooks have all provided much excitement. ...


Pwn2Own: Google offers $1M in Chrome exploit rewards

  • Post author: Omid Farhang
  • Post published: February 29, 2012
  • Reading Time: 2 min
  • Word Count: 310 words

Google is to offer up to a million dollars in rewards for Chrome exploits at the CanSecWest conference. Previously, Google has sponsored the Pwn2Own competition which is held at CanSecWest, but has decided that this year it will directly reward exploits. “We discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors” says Google in a blog post. In previous years, full details have been handed over, but the revised rules make it “an explicit non-requirement in this year’s contest” – a change that Google calls “worrisome”. The organizers revised the rules to make the contest “more fair” and “more of a competition”. ...


YouPorn passwords available for download, thousands of users exposed [Updated]

  • Post author: Omid Farhang
  • Post published: February 23, 2012
  • Reading Time: 2 min
  • Word Count: 383 words

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. ...


Nessus 5.0 accelerates vulnerability scanning

  • Post author: Omid Farhang
  • Post published: February 17, 2012
  • Reading Time: 1 min
  • Word Count: 180 words

The H-Online: Tenable has released version 5.0 of Nessus, its popular vulnerability scanner. The new version of the tool includes an updated installation wizard that is said to make installing and configuring the server and client easier and quicker than before. Scan policies can now be created substantially faster than with previous versions, and the developers have also improved the way users navigate through the results of a vulnerability audit. ...


Chinese hackers had free rein at Nortel

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 2 min
  • Word Count: 387 words

The H-Online: According to a report, hackers, allegedly from China, had access to telecoms equipment manufacturer Nortel’s IT systems over a period of several years – access that they took full advantage of. Citing an internal investigation, the Wall Street Journal reported on Tuesday that, using seven passwords stolen from senior managers, intruders had access to almost all confidential information within Nortel from 2000 onwards. Brian Shields, the manager who led the Nortel investigation, is quoted as saying that the hackers “had access to everything”. Huge volumes of technical documents, research and development (R&D) reports, business plans and emails were downloaded over the course of several years. “They had plenty of time,” said Shields, “All they had to do was figure out what they wanted.” The seven stolen passwords included the password belonging to the company’s then CEO. The attackers have not been identified, but the WSJ notes that they appear to have been working from China. ...


Twitter enables HTTPS for all signed-in users

  • Post author: Omid Farhang
  • Post published: February 15, 2012
  • Reading Time: 1 min
  • Word Count: 151 words

The H-Online: Twitter has announced that it has now enabled HTTPS by default for all users signed into the micro-blogging service. By using HTTPS, all user information including log-in credentials transmitted to the company’s servers are sent using SSL encryption. This means that all data is transmitted in encrypted form and can no longer be read and exploited for fraudulent activities by attackers using tools such as the Firesheep extension for Firefox. ...


Reddit Bans Sexual Content Relating to Minors

  • Post author: Omid Farhang
  • Post published: February 13, 2012
  • Reading Time: 2 min
  • Word Count: 348 words

Mashable: Reddit, known for its freewheeling approach to content management, instituted a new rule over the weekend that banned suggestive or sexual content featuring minors. “We have very few rules here on Reddit; no spamming, no cheating, no personal info, nothing illegal, and no interfering the site’s functions,” read a post on the site’s blog Sunday. “Today we are adding another rule.” The post noted that Reddit has dealt with content that “might be child pornography” by complying with legal guidelines and reporting procedures outlined by the National Center for Missing and Exploited Children. ...
