The final part in this week’s security roundup.
- Windows 8 isn’t even really out, and there are already bootkits.
- UCLA’s psychology department suffered an exploit, likely due to a SQL injection vulnerability.
- Floyd Landis received a (suspended) 12-month prison sentence for his part in a hack of a French lab which held doping results (via HNTV). John Strand’s point is a good one: with tools like Metasploit readily available, the bare minimum needed to exploit a system has dropped precipitously. There have always been script kiddies hanging around, but things just keep getting easier.
- If you have purchased anything from Steam, keep an eye on your credit card statements. The site was attacked and it sounds like whoever did it did a pretty thorough job of things (via HNTV).
Special Android subsection:
- Android anti-virus sucks (via HNTV). Only one of the seven anti-virus applications picked up even a third of the various pieces of malware tested. We’re not talking about 0-day exploits, either—this is stuff which is all in the wild.
- Android facial recognition can be fooled by a photo of the person.
- There is certainly a market for secure Android and iPhone devices, so I hope this Bizztrust phone is legit and takes off. With RIM having blown away both feet, there’s a gap in the market for phones which you can trust your CxOs (not to mention IT staff) to have.