In this episode of Security Decoded Dennis, John and Mike talk about the weeks security news including items like the NY Times, Wall Street Journal and Washington Post infiltrations, the Twitter hack and what does that really mean, creepy new Android malware that jumps from your phone to your PC, Massive new method for credit card fraud, sleepy malware and quite a few more topics.

Then we jump into Java and talk about all of the recent vulnerabilities and can you really live without it on your machine.

This is a great episode and we cover a ton of subjects.

Downloads

Show Notes

New York Times, Wall Street Journal, Washington Post and more were hacked

• http://news.cnet.com/8301-1009_3-57566805-83/chinese-hackers-said-to-wage-cyberwar-on-the-new-york-times/
• http://news.cnet.com/8301-1009_3-57567831-83/chinese-still-hacking-us-says-wall-street-journal-owner/

Twitter confirms data compromise of 250,000 user accounts

• Offical Twitter: http://blog.twitter.com/2013/02/keeping-our-users-secure.html
• http://isc.sans.edu/diary/Twitter+Confirms+Compromise+of+Approximately+250%2C000+Users/15064

Creepy new Android jumps from your phone to your PC

• http://www.nbcnews.com/technology/technolog/creepy-android-malware-jumps-your-phone-your-pc-1B8239587?ocid=msnhp&pos=4

More Android Malware “Bill Shocker” has infected  600,000 mobile users

• http://threatpost.com/en_us/blogs/mobile-malware-dubbed-bill-shocker-targets-chinese-android-users-013013

Oracle released a Java update earlier to address in-the-wild exploitations of a new bug:

• http://bit.ly/WstYfv

‘Massive’ Credit Card Fraud Steals $200M

•  http://abcnews.go.com/Blotter/massive-credit-card-fraud-steals-200m/story?id=18409543

One of the members of Rove Digital pleaded guilty to charges of wire and computer intrusion:

• http://bit.ly/UWFvCD

Crooks netted millions in coordinated ATM heists that were timed to begin on Christmas Eve 2012

• http://ow.ly/hstC4

New malware discovered by FireEye sleeps its way into financial institutions:

• http://ow.ly/hs7PV

FireEye discovers a longstanding advanced persistent threat campaign targeting U.S. aerospace & defense industry:

• http://ow.ly/hrGWd

OpenSSL Security Advisory including Lucky Thirteen: Breaking the TLS and DTLS Record Protocols,…

• http://bit.ly/UtSpKE

Protecting your data and device is not as simple as just locking your phone:

• http://bit.ly/Vwz0sT

Following criticism from cryptographers, @kimdotcom promises $13,600 to anyone who breaks Mega encryption:

• http://arstechnica.com/security/2013/02/kim-dotcom-promises-13600-to-anyone-who-breaks-mega-encryption/ …

Point-of-sale skimmer in as-yet undisclosed merchant breach used bluetooth, encrypted data at rest and on the move

• http://ow.ly/hkQNc

uPNP vulnerability

• https://www.grc.com/x/ne.dll?bh0bkyd2

Podcast: Play in new window | Download