
Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending June 5, 2015. Covers enterprise, controversies, reports and more.
- The Office of Personnel Management (OPM) suffered what appears to be one of the largest breaches of information ever on U.S. government workers. The office handles employee records and security clearances. The personal data of 4 million current and former federal employees was compromised, and investigators are probing whether the culprits were based in China, U.S. officials said on Thursday. The breach was linked to earlier thefts of healthcare records from Anthem Inc. and Premera Blue Cross.
- Telstra's chief information security officer Mike Burgess told Check Point's Cyber Security Symposium in Sydney on Tuesday that organisations focus too much on attribution, or blame "sophisticated" attackers, and completely skewered Sony. After the Home Depot breach, for example, the company said: "The malware used in the attacks had not been seen in any prior attack, and was designed to evade detection by anti-virus software. Really?" said Burgess with dripping sarcasm, to audience laughter. "I mean, really?"
After @SteveD3 asked about an @AttributionDice twitter bot, I went ahead and made one. Tweet @attribot with !roll in the msg to get yours
-- sven steinbauer (@binaryheadache) June 4, 2015
- In the latest Bitcoin security blowup, Blockchain revealed that some of its Android Bitcoin wallet customers ended up sharing the same bitcoin wallet. Relatively few Blockchain customers should have been vulnerable to this security hole. The company claims that only "bitcoin addresses generated by old versions of our wallet when run on Android 4.1 'Jelly Bean' or older were vulnerable".
- Almost as quickly as reports of new ransomware dubbed Locker prompted security experts to warn users of the threat, the author of the malware posted a message on Pastebin apologizing for resulting scams, dumped its database of keys, and decrypted anyone who was infected (for free). Symantec, which analyzed the ransom payments victims made via Bitcoin, said in a Tuesday blog post that the author only made $169 from victims before closing up shop, speculating that "the sudden change of heart" by the author may have been brought on for a number of reasons, such as fear that law enforcement were on their tracks. Or, Symantec said, "The malware author actually regretted their actions."
- SourceForge hijacked the Nmap account, but first it took over control of the "GIMP for Windows" account and started distributing an ads-enabled installer of GIMP. It also locked out the original owner of the account, Jernej Simončič, who has been building the Windows versions of GIMP for years. Now, SourceForge has hijacked the Nmap account (Nmap was popularized in mainstream culture primarily via the Hollywood film The Matrix) from its author Gordon "Fyodor" Lyon, and moved all the Nmap content to a new SourceForge page which only SourceForge controls. Infosec communities around the world are justifiably furious.
Seriously, @sourceforge you even ripped off @nmap's logo? Really bad move. http://t.co/2RG9YF6Etn pic.twitter.com/Umgetm1kzH
-- Kenn White (@kennwhite) June 3, 2015
- Facebook announced this week that users can start listing their OpenPGP keys directly on their profile for enhanced email security. The "experimental" feature allows end-to-end encrypted notification emails from Facebook to your email accounts. A user quickly left passionate commentary reflecting their feelings regarding Facebook, by signing Facebook's key with goatse.
- Google on Monday launched a new hub to manage security and privacy settings across various devices and services. Under your My Account tab, Google said in a blog post that it will add new settings and provide tools and tutorials on privacy. The move is similar to the one Facebook made last year.
- Microsoft is getting ready to support OpenSSH, one of the mainstays of BSD, Linux, and Unix system administration. Angel Calvo, Microsoft's PowerShell Team Group Software Engineering Manager, explained, "A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to inter-operate between Windows and Linux -- both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems."
- Symantec has launched Data Loss Prevention 14 worldwide, the first Symantec security offering which protects against data loss in the cloud as well as in Software as a Service (SaaS) applications. Data Loss Prevention 14 allows enterprise clients to run content-based scans, monitor employees and file traffic, and ramp up protection for cloud-based email and storage apps.
KEYNOTE ANNOUNCED: Jennifer Granick (@granick) Dir. of Civil Liberties, Stanford Center for Internet & Society #BHUSA http://t.co/kVMWPIL0Aw
-- Black Hat (@BlackHatEvents) June 4, 2015
- Visa is partnering with FireEye to share cyber-threat data and intelligence in the new Visa and FireEye Community Threat Intelligence (CTI) offering, and it will be sold through Visa as part of its fraud risk service. FireEye will run the web-based program, which Visa said is a "significant improvement over current industry practices of sharing threat intelligence via e-mail or static documents."
- F-Secure has acquired nSense, a Danish company which specializes in security consultation and vulnerability assessment. Announced on Wednesday, the acquisition of nSense is designed to bolster F-Secure's position in European markets as a "prominent security vendor."
- Lookout is entering the enterprise market with a "new approach" to business security based on risk management and analytics. Announced on Tuesday, the new Lookout Mobile Threat Protection offering uses predictive analytics to combat security threats and remove visibility gaps based around emerging threats.
Tech Time Warp of the Week: The '90s TV Special That Profiled Hackers and Their Glorious Hair http://t.co/Y2bmqI0E98
-- Chris Wysopal (@WeldPond) June 3, 2015