The Week That Was - 8/13/2012

Highlights for this week include:

  • Mat Honan getting pwn3d pretty hard through what was essentially a social engineering attack on Apple and Amazon phone support, not a technical exploit. [1],[2],[5]-[7]
  • Mr. Alex Hutton introduces the RiskFish. I need to spend some quality time with this diagram. At first glance, it looks like it can make the process of risk assessment a little easier. [8]
  • Those crazy kids at Las Vegas B-Sides come up with a new and creative way to chain SQL injection with arbitrary code execution, using the injected database content to serve up malicious PDFs. Good thing too, because I was starting to run out of things to worry about. [14]

Here's the list:

D. Walker-Morgan, “Apple and Amazon reset phone password resets,” The H Security, 08-Aug-2012. [Online]. Available: [Accessed: 08-Aug-2012].
S. Musil, “Apple freezes AppleID password resets requested over the phone,” CNet News, 07-Aug-2012. [Online]. Available: [Accessed: 08-Aug-2012].
K. Liston, “Blizzard Compromise-- what they missed in their user communication,” ISC Diary, 10-Aug-2012. [Online]. Available: [Accessed: 10-Aug-2012].
G. S. Phillips, “Compliance And Proofreading: A Fresh Perspective Is Required,” Dark Reading, 03-Aug-2012. [Online]. Available: [Accessed: 06-Aug-2012].
M. Honan, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” Gadget Lab, 06-Aug-2012. [Online]. Available: [Accessed: 07-Aug-2012].
K. Zetter, “How Not to Become Mat Honan: A Short Primer on Online Security,” Wired Magazine, 07-Aug-2012. [Online]. Available: [Accessed: 08-Aug-2012].
P. Wagenseil, “How the iCloud Hack Happened and How to Avoid Being Next,” Scientific American, 07-Aug-2012. [Online]. Available: [Accessed: 08-Aug-2012].
A. Hutton, “Introducing: The RiskFish,” Dark Reading, 08-Aug-2012. [Online]. Available: [Accessed: 09-Aug-2012].
J. Kirk, “Massive payment card upgrade has mixed results in Australia,” Computer World - Security, 06-Aug-2012. [Online]. Available: [Accessed: 06-Aug-2012].
D. Wesemann, “Phishing for Payroll with unpatched Java,” ISC Diary, 05-Aug-2012. [Online]. Available: [Accessed: 06-Aug-2012].
M. Rothman, “Pragmatic WAF Management: the Trouble with WAF,” Securosis, 01-Aug-2012. [Online]. Available: [Accessed: 06-Aug-2012].
M. Rothman, “Pragmatic WAF Management: the WAF Management Process,” Securosis, 03-Aug-2012. [Online]. Available: [Accessed: 06-Aug-2012].
T. Wilson, “Republican Filibuster Kills Cybersecurity Act Of 2012 In Senate,” Dark Reading, 05-Aug-2012. [Online]. Available: [Accessed: 06-Aug-2012].
E. Chickowski, “Serving Up Malicious PDFs Through SQL Injection,” Dark Reading, 09-Aug-2012. [Online]. Available: [Accessed: 09-Aug-2012].
G. Hinson, “Social engineering trumps Wal-Mart customer service,” (ISC)2 Blog, 09-Aug-2012. [Online]. Available: [Accessed: 10-Aug-2012].