Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending October 17, 2014, covering enterprise, controversies, reports and more.
This week, Drupal had a SQL faceplant, Dropbox wasn't hacked, controversy erupted over a Kickstarter privacy gadget, nobody wanted a POODLE, and Ebola is infecting inboxes.
Google's Security Team revealed on Tuesday that the long-obsolete but still all too widely used Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw. In an example attack called Padding Oracle On Downgraded Legacy Encryption (POODLE), an attacker can steal "secure" HTTP cookies or other bearer tokens such as HTTP Authorization header contents. According to the team's Bodo Möller: "This vulnerability allows the plaintext of secure connections to be calculated by a network attacker." The OpenSSL Initiative issued a patch on Thursday.
Russian hackers have exploited a bug in Microsoft's Windows operating system in order to target computers used by NATO, the European Union, Ukraine and the telecommunications and energy sectors, according to security firm iSight. In a blog post Tuesday, Dallas-based iSight, in collaboration with Microsoft, said the zero-day vulnerability impacts all supported versions of Microsoft Windows and Windows Server 2008 and 2012.
One of the #anonabox shots in the Kickstarter video is pretty clearly a 'shopped version of an Alibaba photo pic.twitter.com/LGMsTSCzg3
— Kevin Poulsen (@kpoulsen) October 15, 2014
Did you back the Anonabox on Kickstarter? Login -> Manage Pledge -> Cancel. Hardware runs $20 online @ http://t.co/pPPsIoYSIH
— HD Moore (@hdmoore) October 16, 2014
Web founder Tim Berners-Lee is one of the privacy advocates behind a newly launched service that combines social media, cloud storage, person-to-person and group communications for privacy-conscious users. The MeWe private communications network, spun out of online privacy company Sgrouples (founded by online privacy advocate Mark Weinstein), doesn't own, track or share information its members provide or share among one another.