Rakshasa hardware backdooring: the demon that can't be exorcized?
Jonathan Brossard describes an 'undetectable, unremovable' attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn't convinced.
Archives - July 2012
Defcon focus on the Fed comes with conflicting emotions
After my colleague Stephen Cobb stood in a huge line at Defcon waiting to get into the Friday keynote by NSA chief General Alexander, plus a swarm of interest shown at the two-part Meet the Fed panel presentation the next day, it’s becoming clear that multiple agencies of the federal government are focused on hackers,
Apache/PHP web access holes – are your .htaccess controls really safe
If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare
Rovnix.D: the code injection story
Detailed analysis of Rovnix.D reveal updates to the code injection technique employed, allowing multiple injections with a variety of payloads.
Offensive / Proactive tactics, will they really work? Blackhat day 1
Blackhat keynote speaker Shawn Henry, the former executive assistant director of the FBI’s Criminal, Cyber, Response and Service Branch, started off the day after opening remarks from Jeff Moss, founder of Blackhat. Moss wondered if now was the time for the cyber-security sector to take a more aggressive/offensive approach. Jeff mentioned working for a former
.ASIA domain name scams still going strong
Today I received the following message in my inbox, claiming to be from the Asian Domain Registration Service and warning me that the eset brand was in danger of being registered by a third-party. Here is the message I received, which I’ve included in its entirety, except for a few bits: Received: from mail.umail168.cn4e.com
Free YouTube .mp3 converters – with a free malware bonus
Want to access the music tracks of YouTube.com videos on your iPod but don’t want to pay? You’re not alone. Recently, a crop of websites have popped up offering to convert the audio from videos to .mp3 files that you can then download at no charge. Sounds great, right? The catch: scammers are trying to
Gamigo game site hack lessons learned (and what should you do)
Gamigo learned a few months ago about a breach and alerted its users that they had been attacked. But now, we see an estimated 8+ million records just went public, no small amount for the attackers. What is interesting is that by one account, hash cracking was able to decrypt over 90% of the passwords,
The Tech Support Scammer's Revenge
Giving a support scammer access to your PC can give you more problems than any imaginary virus, especially if you refuse to pay for his 'service'.
Flame, Duqu and Stuxnet: in‑depth code analysis of mssecmgr.ocx
Analysis of the Flame worm (Win32/Flamer) reveals some interesting facts about the internal structure of its main module.
Password Party Weekend? Millions exposed now include Phandroid, Nvidia, me
Changing the passwords on your online accounts might not sound like a fun weekend activity, but that’s what I did last weekend. Why? Because on Sunday I found out that one of my email addresses was in the list of Yahoo! logins whose passwords were exposed by sloppy handling of a credential file (an incident
Rovnix bootkit framework updated
Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.
Passwords of Plenty*: what 442773 leaked Yahoo! accounts can tell us
If a service leaks your credentials, your options are limited, but changing all your passwords to something harder to guess/break is never a bad idea.
Scareware on the Piggy‑Back of ACAD/Medre.A
There are always people who want to piggy-back on the achievements of others. After ESET warned the public against ACAD/Medre.A in two blogs here and here and issued a free standalone cleaner for remediation, there was always the possibility that drawing attention to the issue would result in the topic being misused for other purposes.
Instagram vulnerability can allow strangers access to your photos and more
Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship
Java the Hutt meets CVE‑2012‑1723: the Evil Empire strikes back
The Java exploit for CVE-2012-1723 is already included in the latest update of the BlackHole exploit kit.
Is my business too small to be hacked by a nation‑state (or should I worry)?
Small businesses have their hands full these days in light of a down economy, tightening budgets and the steepening pace of business, but with nation-state hacks front and center in the threatscape, should you worry about those too, or are you (and your customers) safe? Nation-state hacks bring to mind images of large defense contractors,
DNSChanger: lies, damn' lies and telemetry statistics
First the panic, then the accusations of hype. Can we really estimate the impact of DNSchanger yet?
DNSChanger mini‑FAQ
Some brief answers to questions about the server shutdown that will affect tens/hundreds of thousands of DNSChanger victims on 9th July.
Cybercrime and the small business: Basic defensive measures
Evidence that criminals are targeting the computer systems of small businesses continues to mount. The Wall Street Journal recently drew attention to the way cybercriminals are sniffing out vulnerable firms. The article highlighted the fact that about 72% of the 855 data breaches world-wide last year that were analyzed in Verizon's Data Breach Investigation Report