Lost+Found: From fake phishing to a Fortinet facepalm

Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: Fake phishing, textbook SQL injections, security 101 for app developers, reverse engineering malware, a Fortinet faceplam, a pentester edition of Firefox and further news on the QNAP vulnerabilities.

• US media firm Atlantic Media caught its staff red-faced and red-handed in a phishing test – 58 per cent clicked on a link to verify their Google Apps accounts included in a fake phishing email. A sad reality.

• As we are talking about sad realities, a wide range of GitHub projects provide textbook examples of how to construct an SQL injection vulnerability.

• FX has struck again and (in conjunction with Greg from phenolit) has notified Cisco of a whole series of security problems in its cloud products, in particular the Cisco Nexus 1000V.

• The iMAS libraries are aimed at helping iOS app developers avoid major security pitfalls. They include data encryption and password protection functions.

• If you want to report a security vulnerability in Chrome to Google, don't follow the example of the Fortinet security team and post your entire complete browser profile, including stored passwords.

• QBurst PenQ adds a preconfigured edition of Firefox, which includes all major penetration testing extensions, to security Linux distributions such as Kali.

• There are now two OpenVAS modules for checking the security vulnerabilities in Qnap's NAS and NVR systems, one for CVE-2013-0143 and one for CVE-2013-0142 & CVE-2013-014.

(djwm)