The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | hacking

On October 21st, a large number of websites, including some of the biggest names, were knocked off the Internet by a massive distributed denial-of-service (DDoS) attack. A DDoS attack occurs when thousands to millions of devices send traffic to a target, completely overloading its servers or Internet connection.

· · ·

I have long said that privacy services are all about trust. I this article demonstrating how to use a simple web proxy to compromise the users of that proxy. Of course, the operator of the proxy is being untrustworthy, but that is the whole point. If you don’t have a reason to specifically trust the […]

· · · ·

A new APT called DarkHotel conducts very targeted attacks against executives in Asian hotels. There are several things you can do to protect yourself.

· · · · ·

NSA’s TAO — Dark Reading The Internet has been buzzing with reports of the recently leaked NSA exploits, backdoors, and hacking / surveillance tools. The linked article is good example. None of this should be news to anyone paying attention. Many similar hacking tools are available from vendors at conferences like BlackHat and DefCon. We […]

· · ·

OS News has an interesting article: The second operating system hiding in every mobile phone It discusses the security implications of the fact that all cell phones run two operating systems. One is the OS that you see and interact with: Android, iOS, Windows Phone, BlackBerry, etc. The other is the OS running on the baseband […]

· · ·

Infosec Institute published an article showing in detail how application signing on Android devices can be defeated. This trick allows the attacker to modify a signed application without causing the application to fail its signature check. The attack works by exploiting a flaw in the way signed files in the .apk zip file are installed […]

· · · ·

Welcome to The Privacy Blog Podcast for May 2013. In this month’s episode, I’ll discuss how shared hosting is increasingly becoming a target and platform for mass phishing attacks. Also, I’ll speak about the growing threat of Chinese hackers and some of the reasons behind the increase in online criminal activity. Towards the end of […]

· · · · · · ·

Thanks to the Financial Times for their article on this. When we hear that a company has been hacked by China what is usually meant is that the company has been hacked from a computer with a Chinese IP address. The immediate implication is that it is Chinese government sponsored. Of course, there are many […]

· ·

Another from the “if the data exists, it will get compromised” file. This article from the Washington Post talks about an interesting case of counter surveillance hacking. In 2010, Google disclosed that Chinese hackers breached Google’s servers. What only recently came to light was that one of the things compromised was a database containing information about […]

· · · ·

It is often debated if, and how often, hackers are going after critical infrastructure like water plants, generators, and such. MIT Technology Review reports on a security researcher Kyle Wilhoit’s exploration of this question. He set up two fake control systems and one real one (just not connected to an actual plant), which he then […]

· ·

Older posts >>