Flaws in Trend Micro's antivirus program left user login names and passwords extremely vulnerable. Meanwhile, eBay has patched a security vulnerability that was leaving customer credentials exposed. To hear more, just click play!





IT Rewind Featured Stories:

Did our short segment leave you wanting more? Check out the original articles of stories we covered!





InfoWorld, @infoworld, Jeremy Kirk, @Jeremy_Kirk





The WHIR, @theWHIR, Chris Burt, @AFakeChrisBurt





Continuum's Must-Read Blog Post This Week

As cited in CompTIA's 4th Annual Trends in Managed Services report, "the global managed-services market is predicted to grow to $193B by 2019, at a Compound Annual Growth Rate (CAGR) of 12.5%." What is fueling this impressive level of adoption? Why are so many business owners fans of your business model? We dug into the report to examine the top reasons small-to-medium-sized businesses (SMBs) list for working with MSPs and IT solutions providers. As you build your 2016 sales strategy, pay attention to these main market drivers.

What Else Is New in the IT Channel?

Now that you've seen our top picks for this week, here are some more stories that made the headlines. Have a suggestion for a story that we should cover next week? Let us know by commenting below or tweeting @FollowContinuum or @BenDBarker!





Android malware:

Android Malware Steals One-Time Passcodes

ComputerWorld, @CompworldIndia, Jeremy Kirk, @Jeremy_Kirk





Think like a criminal:

Why Thinking Like a Criminal Is Good for Security

Network World, @NetworkWorld, Kacy Zurkus, @KSZ714





Cisco patches software, devices:

Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software, Devices

Threatpost, @threatpost, Chris Brook



Transcription

Hey everyone, welcome back for another episode of IT Rewind. This week, a Google researcher discovered that flaws in Trend Micro’s antivirus product allowed for remote code execution by any website, which left user passwords vulnerable. You’ll hear about this story and more right now on IT Rewind!

When you think of antivirus programs, you think of protecting your systems, right? Well, recently Tavis Ormandy, a well-known Google security researcher, found that bugs in Trend Micro’s antivirus software were leaving users’ passwords extremely vulnerable. Since the discovery, Trend Micro has released an automatic update that fixes the issue. Still, in the emails that Ormandy exchanged with the security firm, it was clear that Trend Micro wasn’t moving fast enough to fix the issue. In one of the released emails, Ormandy said, quote, “…This means anyone on the internet can steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction. I really hope the gravity of this is clear to you, because I’m astonished about this.” End quote. The issue was in the password manager of the antivirus product, which was written in JavaScript and opened up HTTP remote procedure call ports to handle APIs. Users could elect to export their passwords to it. Ormandy quickly found an API that allowed him to access passwords stored in the manager.

eBay has patched a vulnerability that could have exposed customer credentials. The cross-site scripting vulnerability left millions of users open to the threat of spear phishing attacks, which would have allowed cybercriminals to access credentials and potentially steal funds. The vulnerability involved the main domain and has been described as fairly basic. The researcher who discovered the vulnerability was able to mirror eBay’s login page, which gave users an error when they tried to log in. However, it also revealed the username and password that the user attempted to enter. The researcher claims that eBay only fixed the issue after the media contacted them about it, even though he had brought it to their attention a month earlier.

Before we go, I’m excited to announce that registration for Navigate 2016 is now officially open. Make sure to book your tickets to this year’s user conference right here in Boston, Mass! Head over to www.continuum.net/nav16 to register.

That’s all the time that we have for this week’s episode of IT Rewind. As always, read the full stories that we covered today and other tech stories by clicking on the links below.

Of course, you can always find us on Twitter, Instagram and Vine at FollowContinuum. We’re also on Facebook, LinkedIn, Spiceworks, YouTube and Periscope.

Take it easy.
