Week in Security: More Wikileaks Fallout, Cybersecurity Buzz and Browser Updates

Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:35:32


The words “cyber war” were in the headlines this week, as controversy and debate about the leak of confidential diplomatic cables by Wikileaks reached a fever pitch. As speculation turned to the fallout from the ongoing publication of documents, the U.S. government laid the groundwork to prevent similar breaches while two browsers announced changes for upcoming builds. Read on for the full week in review.

The operators behind Wikileaks began the week trying to ensure the site’s content remained online, petitioning mirror sites to host their treasure trove of leaked diplomatic cables. The Internet obliged as more than 1,300 servers from across the globe were enlisted to mirror the leaked “Cablegate” documents and help keep the information public. The story shifted once corporations began lining up to deny the whistleblower Web site access to needed funds.

PayPal was one of the first to step up on Monday. Citing a violation of its Acceptable Use policy, the company permanently restricted the account the site was using. On Tuesday Visa and Mastercard followed suit by cutting off anyone who made payments or donations using their accounts to support Wikileaks.

Even after the site’s mastermind Julian Assange turned himself in on Monday, the libertarian-hacktivist group Anonymous lashed out at the sites of PayPal, Visa and Mastercard, hitting each with DDoS attacks, part of an ongoing campaign they call “Operation Payback.” PayPal later denied these attacks hit its site. By Thursday, both Twitter and Facebook had pulled the plug on the accounts used by Anonymous, which were being used to promote the attacks and, in some cases, communicate with other participants. Twitter declined to comment on the account shutdown, citing its policy of not commenting on customer account matters.

With questions about the U.S. government’s handling of classified data coming from all quarters, there was further news this week about Petty Officer Bryan Minkyu Martin, who was arrested after allegedly stealing classified documents and trying to sell them to a foreign agent. Faced with a diplomatic disaster, the U.S. government is doing its best at damage control by cracking down on data leaks.

The fallout from Wikileaks also led to an agreement between the Department of Homeland Security, NIST, and the Financial Services Sector Coordinating Council. The deal, announced Tuesday, aims to foster discussion surrounding security initiatives and encourages cooperation on research and the development of new technology going forward.

In related government security news, NASA found itself in hot water this week following an internal audit that claimed the agency could be doing a better job cleaning old hard drives. Drives containing sensitive data were not properly sanitized and discarded, according to tests. Furthermore, some of the agency’s computers were sold on the secondhand market, potentially exposing weaknesses in NASA’s framework.

National security aside, the steady march of software flaws, vulnerabilities, attacks and patches continued unabated.

On Tuesday, Microsoft announced that the latest build of its Internet Explorer would implement Tracking Protection and Tracking Protection Lists. The news follows a report issued last week by the Federal Trade Commission calling for better privacy on the web and advocating a “Do Not Track” feature for browsers.

Mozilla said this week that it is nixing support for WebSockets in upcoming versions of Firefox. Insecurity surrounding the protocol spurred the company to make the move, but if future versions of WebSockets prove stable, it’ll be included in future releases.

What did readers find interesting this week? A study by the UC San Diego Department of Computer Science caught readers’ attention. That report found that a number of JavaScript apps are sniffing browser histories. Incidentally, later in the week a new tool was released to help people better comprehend how these applications work.