CAT | Computer Security
A new APT called DarkHotel conducts very targeted attacks against executives in Asian hotels. There are several things you can do to protect yourself.
NSA’s TAO — Dark Reading The Internet has been buzzing with reports of the recently leaked NSA exploits, backdoors, and hacking / surveillance tools. The linked article is good example. None of this should be news to anyone paying attention. Many similar hacking tools are available from vendors at conferences like BlackHat and DefCon. We […]
In a new attack, some websites have been set up to show visitors a slash page that says the vicim’s computer has been blocked because is has been used to access illegal pornographic content. The user is then presented a link to pay an instant “fine” of $300 to the scammers. This is a new […]
Arstechnica reports on the discovery of signed malware designed for surveillance on the Mac laptop of an Angolan activist. The malware was a trojan that the activist obtained through a spear phishing email attack. The news here is that the malware was signed with a valid Apple Developer ID. The idea is that having all […]
The latest Java exploit has given another view into the workings of the cybercrime economy. Although I should not be, I am always startled at just how open and robustly capitalistic the whole enterprise has become. The business is conducted more or less in the open. Krebs on Security has a nice piece on an […]
The Washington Post has a good article on social engineering attacks. It is a good treatment of the topic. Short answer, humans are the weak link, and can be defeated with extremely high probability. The take away from this whole thing is that we need to be building security systems that don’t rely on humans […]
Forbs is reporting that Anonymous and Antisec have dropped a file with a million Unique Device ID (UDID) numbers for Apple iOS devices. They claim to have acquired an additional 11 million records which they may release later. In addition to the identifiers, the file is said to also contain usernames, device names, cell numbers, […]
HideMyAss.com keeps logs and exposes their users. Why that is a bad policy, and how to judge a good privacy provider.
Vendor of Stolen Bank Cards Hacked — Krebs on Security Brian Krebs has an interesting blog post on how all of the credit card information was stolen by a hacker from a website that sells stolen credit cards. This is in the “don’t know whether to laugh or cry” department.
Here is a really nice analysis of the recent security breach at Lockheed Martin. The short version is that is looks like their SecureID tokens got duplicated. This is almost certainly related to the security breach at EMC / RSA. Digital Dao: An Open Source Analysis Of The Lockheed Martin Network Breach