This morning, Fraser Howard and the security researchers of Sophos Labs are reporting this discovery: The recent wave of Web site defacement attacks, including one against the outreach site for the National Cyber Security Alliance, appears to have a common source: Something is injecting malicious <IFRAME> elements into the front pages of everyday Web servers.
What makes this particular malicious injection different from thousands of others, Howard learned, is that the injected PHP code quite cleverly checks the URL and user-agent string of the requesting client, to determine whether the client is accessing the page through a search engine link, such as Google.
Tuesday morning, Chicago-based authentication services provider Vasco Data Security announced its DigiNotar subsidiary, which issues certificates for SSL used to secure financial and other discrete transactions online, detected a security breach that forced it to issue improper certificates. One of those certificates, it admitted, was for Google.com.
It would be a shocking occurrence if it weren't so common. A root certificate authority (CA) is, by definition, the starting point for all trust in the Web transaction system. It self-signs its own certificate as a way of validating its own validity. Thus when DigiNotar's validity is revoked, as it was yesterday by Mozilla, among others, all the certificates it signs - including the one for itself - lose their authenticity.
Yesterday, a YouTube video from a splinter of Hacktivist group Anonymous proclaimed that it will "destroy Facebook" over privacy issues on November 5th. Now, as military tactics go, that is like telling the Germans that the Allied Forces are going to launch D-Day three months in advance. That is no recipe for success. The threat against Facebook should be taken with a grain of salt. Yet, the question arises, if Anonymous or a group of hackers really did want to take down Facebook, how could it be done?
See the video after the jump for a full explanation on why Anonymous might want to destroy Facebook. Yet the first thing to know about the alleged destruction of Facebook is that it is not wholly supported by the Anonymous collective. Various Anonymous-based Twitter accounts have said something along the lines of "no one can speak for the whole of Anonymous. There are some anons who support #opFacebook whilst others do not." Yet, what if the entire group was motivated to cause chaos and disruption? Are there any tactical advantages that Anonymous has that Facebook could not easily thwart?
The cyber security industry talks a big game. There is a certain amount of truth to the notion that security companies' marketing departments play up viruses or Trojans or known vulnerabilities to alert the public to their products. Security is a $16 billion industry and hyper-competitive. Yet, with all the news of exploits, big hacks and viruses in the news, one has to ask: are the security companies really doing their jobs?
That is up for debate. A Google security researcher (acting independently of Google) named Tavis Ormandy reverse engineered part of security firm Sophos's security products and published his research (PDF). He presented his findings at the Black Hat security conference in Las Vegas yesterday and had some hearty criticism not just for Sophos, but for the security industry in general. The issue, in part, is about how open security companies are with the codes and algorithms they use to protect users' computers. How open do security companies need to be to have the most effective product?
Earlier this week Microsoft Development blogs posted an update about its SmartScreen Application Reputation ranking software for Internet Explorer. In the post, Microsoft had some statistics about users downloading malicious Web applications and the pop-up warnings that IE delivers to users warning them about potentially harmful downloads.
Chet Wisniewski of Sophos Security is calling shenanigans on Microsoft's statistics. In a blog post on Sophos' blog, Naked Security, Wisniewski says, "Microsoft is comparing Apples to...nothing." Microsoft's post says that users get two pop-up warnings a year, which Wisniewski says means that IE users make 20 downloads a year. Wisniewski looks at these numbers and thinks something is not quite right in Microsoft land.
Twenty years after the release of the Morris Worm, one of the first worms discovered on the Internet, the Web has proven to be the primary place where bad guys lurk, looking for poorly secured websites to plant malicious code. And, they find plenty.
According to the 2009 Security Threat Report [PDF] from Sophos, one new infected Web page is discovered every 4.5 seconds. With that in mind, we thought we'd take a look at the top security threats you should be looking out for in 2009.