Happy Tuesday, Chiros readers! Here's what's going on in computer security news today!
The first order of the day is that Chief Information Security Officer for Yahoo, Justin Somaini, has been canned. Rather, he has "left the company," but I can't imagine that he's leaving voluntarily. While Yahoo has apparently been cleaning out its cabinets with regard to its upper-level officers, this article hypothesizes that it might be over the recent breaches in security for Yahoo Mail, which have led to several accounts being used for spam distribution. (You can see a demonstration of the problem here.) While I feel for Somaini, this may give him more time for his information security blog, which is good news. I mean, this infographic is worth a whole site unto itself.
Of course, where would I be if I didn't mention something that sounded like it was from an action movie from the 90s? Computer security experts have been researching Russian malware called "Rocra," which has most likely been targeting Western Europe, but also has affected organizations in North America and Asia. According to a Washington Post article, it's focusing on "trade and commerce organizations, nuclear and energy research groups, oil and gas companies, and the aerospace industry." However, the article does cite that it's also targeted European diplomatic agencies, which is why it has been classified as "cyber espionage." Encryption and decryption keys have been stolen from the EU and NATO, which is comforting, as well as large amounts of files. A researcher at a Boston-based computer security firm notices that cyber-criminals have increased their scope (read: picked bigger targets) over the last year. Clearly, if the world is going to conduct cyber war, it may not be among nations, but individuals. Can you imagine? It's either an encouraging moment for the power of democracy, where people have the power, or a terrifying look at what happens when individuals have a little too much power.
Finally, a blogger has taken a look at all the work that pentesters actually have to put into penetration testing. It's a fun little list, and it's a peek behind what pentesting entails and the dedication (to the client and to the craft) it requires. Check it out!
Til next time,