3 years later, hackers who hit Google continue string of potent attacks

The hackers who breached the defenses of Google and at least 34 other big companies three years ago have unleashed a barrage of new attacks since then, many that exploit previously undocumented vulnerabilities in software from Microsoft and Adobe, a new report has found.

via 3 years later, hackers who hit Google continue string of potent attacks | Ars Technica.

Researchers have dubbed this approach “watering hole” attacks, and say they’re “similar to a predator waiting at a watering hole in a desert. The predator knows that victims will eventually have to come to the watering hole, so rather than go hunting, he waits for his victims to come to him.”

OpenStand: Internet standards groups embrace open process

The OpenStand principles are in sharp contrast to the more formal, government-driven efforts of rival standards bodies such as the International Telecommunication Union (ITU), which is an arm of the United Nations, and the International Organization for Standardization (ISO), a group of national standards bodies. While ITU and ISO have national representation, groups like the IAB and IETF are comprised of individual engineers from corporations and universities.

via OpenStand: Internet standards groups embrace open process.

Resilient ‘SMSZombie’ Infects 500,000 Android Users in China

If an Android user downloads the app and sets it as the device’s wallpaper, the app then prompts the user to install additional files. “If the user agrees, the virus payload is delivered within a file called ‘Android System Service,’” TrustGo explained.

via Resilient ‘SMSZombie’ Infects 500,000 Android Users in China | SecurityWeek.Com.

The article states that this only affects users of China Mobile. I find it interesting that to get infected not only do you have to install the bad app, you also have to agree to install these additional files. Wouldn’t the second prompt raise some suspicion?

Inside a ‘Reveton’ Ransomware Operation

In an alert published last week, the FBI said that The Internet Crime Complaint Center — a partnership between the FBI and the National White Collar Crime Center — was “getting inundated with complaints” from consumers targeted or victimized by the scam, which uses drive-by downloads to hijack host machines. The downloaded malware displays a threatening message (see image to the right) and blocks the user from doing anything else unless he pays the fine or finds a way to remove the program.

via Inside a ‘Reveton’ Ransomware Operation — Krebs on Security.

Canadian hacker dupes Walmart to win Def Con prize

In short, he got all sorts of information that could be used in a hacker attack. How? A bit of research and an ability to spin a few lies over the phone.

As security systems get increasingly difficult to crack, hackers are turning toward a new source of information: people.

via Canadian hacker dupes Walmart to win Def Con prize.

Hackers have always utilized people or social engineering.

Chris Hadnagy, who organizes the Def Con contest, said social engineering is a “hardly discussed, trained or defended against” threat.

“Social engineering is the easiest and most widely used way to infiltrate companies,” Hadnagy said.

Hear, All Ye People; Hearken, O Earth (Part One)

Renaud had written 52 essays in total. Eleven were set in Times New Roman, 18 in Trebuchet MS, and the remaining 23 in Georgia. The Times New Roman papers earned an average grade of A-, but the Trebuchet papers could only muster a B-.

And the Georgia essays? A solid A.

via Hear, All Ye People; Hearken, O Earth (Part One) – NYTimes.com.

Wall Street and the Mismanagement of Software

It’s clear that Knight’s software was deployed without adequate verification. With a deadline that could not be extended, Knight had to choose between two alternatives: delaying their new system until they had a high degree of confidence in its reliability (possibly resulting in a loss of business to competitors in the interim), or deploying an incompletely verified system and hoping that any bugs would be minor. They did not choose wisely.

via Wall Street and the Mismanagement of Software | Dr Dobb’s.

What is needed is a change in the way that such critical software is developed and deployed. Safety-critical domains such as commercial avionics, where software failure could directly cause or contribute to the loss of human life, have known about this for decades. These industries have produced standards for software certification that heavily emphasize appropriate “life cycle” processes for software development, verification, and quality assurance. A “safety culture” has infused the entire industry, with hazard/safety analysis a key part of the overall process. Until the software has been certified as compliant with the standard, the plane does not fly. The result is an impressive record in practice: no human fatality on a commercial aircraft has been attributed to a software error.

Researchers Identify Four BlackBerry Zitmo Variants

Zitmo refers to a version of the Zeus malware that specifically targets mobile devices. Previous Zitmo variants masqueraded as banking security applications or security add-ons to circumvent out-of-band authentication systems used by some financial institutions by intercepting one-time passwords sent via text message and forwarding them to another cell number that acted as a command-and-control device.

via Researchers Identify Four BlackBerry Zitmo Variants | SecurityWeek.Com.

Collaborating on research is important because the vulnerability doesn’t have to be within BlackBerry’s code to compromise the platform, Stone noted. For example, researchers exploited issues in the open source browser engine WebKit to hack a BlackBerry at last year’s CanSecWest Pwn2Own contest. It’s about “protecting the ecosystem,” as one vulnerability identified in one platform can easily exist in another platform, Stone said.