UK security agency MI5 has issued a warning regarding freebie flash drives and cameras. Apparently Chinese spies are handing them out to UK businessmen in hopes of infecting their computers with trojans and gaining access to corporate secrets.
Of course old-fashioned methods—sex and money—are still being used as well, but it seems that few people expect an innocent gadget gift to contain danger in the form of a trojan or malware. After all, why else would a security agency’s 14-page report be focusing on this espionage approach more than it did on other tricks?
I guess it’s time for me to become a bit more paranoid about the pile of flash drives I picked up at CES. [Times Online via IEEE]
Grotendo writes “Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a ‘browse and you’re owned’ vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.” Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of “groups that can be referred to as the Advanced Persistent Threat.”