February 25, 2013 
China APT1 Attackers and Java 0day Breaches
Welcome to another week of InfoSec news. If you’re subscribed to the YouTube channel directly, you probably noticed I posted last week’s video late last Friday. Unfortunately, I was catching a plane at the time, so I decided to wait until today to post the video blog entry. If you missed any of last week’s big information and network security news, you’ve come to the right place.
This week’s “on the road” episode covers Apple and Facebook network compromises, the zero day Java exploit that caused them, and one security company’s research alleging the Chinese government is behind many recents advanced persistent threat (APT) attacks. I also recommend some critical updates for Windows, Linux, and OS X users, so make sure to watch below.
This week I’ll be attending the RSA security conference, and recording another episode on the go, which means I may also post next week’s episode earlier or later than normal depending on my travel and event schedule. Until then, thanks for watching and stay frosty out there.
(Episode Runtime: 6:39)
Direct YouTube Link: http://www.youtube.com/watch?v=MolGboEK7nE
Episode References:
- Facebook network breach (due to Java issues) - CBR Online
- Apple employees infected by Malware - The Guardian
- iPhonedevSDK site responsible for Java malware attacks - InfoWorld
- Java updates for Windows and Mac due to attacks - WGSC
- Mandiant China APT1 report (PDF) - Mandiant
- Not everyone agrees with Mandiant research - Jeffrey Carr Blog
- Mandiant video of supposed APT attack - The Next Web
- EXTRAS
- Many Corp. Twitter accounts hijacked - ComputerWorld
- NBC web site temporarily hijacked? - Reuters
- VMware may start scheduling alerts - The Register
- Microsoft affected by malicious Java attack too – Forbes
- Adobe patches previous 0day reader vulnerabilities - Adobe
- Many Corp. Twitter accounts hijacked - ComputerWorld
Ambiguous feeling after reading Mandiant’s report. My personal adore of analytics and precise evidences will not allow me to make damning verdict or acquittal because of:
1. Too many careful sentences and phrases – “None of the information in this report involves access to or confirmation by classified intelligence”, “APT1 is likely government-sponsored”, “however, we believe it engages in harmful “Computer Network Operations””, “Unit 61398 is staffed by hundreds, and perhaps thousands”. So many “likely”, “maybe”, “perhaps”, “we believe” etc. per one analytical report. Or it’s not analytical?
2. Interesting material with photos, list of domain names, IP-addresses, describing methods of attacks and so on. Very cognitive from technical point of view, but ones again – not too many “maybe” in the beginning of report?