Lost+Found: failed extortionists, Google hack and OAuth security

Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: Cain & Abel on Windows 8, Google hacked, failed extortionists, untangling the web, OAuth security issues, and vulnerabilities in NetApp and SAP ERP...

• Version 4.9.44 of all-purpose hacking tool Cain & Abel now supports Windows 8. But be warned – the collection of tools provokes an allergic reaction from many anti-virus products.

• Google has been hacked. Not, however, the search engine, just the building control system for its Australian offices.

• Cyber-extortionists have hacked the email server of US TV channel FOX21 and encrypted the emails stored on it. The channel was not, however, forced to pay out the $5000 ransom demanded, as it had a backup.

• A 643-page magnum opus entitled Untangling the Web: a Guide to Internet Research provides readers with tricks and tips for locating interesting information on the web. That the publisher knows whereof it speaks is beyond doubt – it has been issued by the NSA.

• NetApp's OnCommand system manager contains security vulnerabilities, which the company has no plans to fix. Could that be because in order to exploit the vulnerabilities an attacker would have to be logged on as root?

• Glaring security vulnerabilities are to be found not only in Flash Player; they can also be found in flagship business applications like SAP ERP. Security company ESNC has released an advisory on a critical vulnerability which can be exploited to inject code. The vulnerability was patched late last year.

• OAuth is reported to still be struggling with CSRF-related security issues.

(sno)