Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

When is hacking not hacking?

August 29th 2013

An interesting article: http://nakedsecurity.sophos.com/2013/08/29/reality-tv-mother-of-eight-kate-gosselin-sues-husband-for-hacking-email-phone-revealing-private-info/ It certainly is true that we allow words to be misused / watered down / become too “catch-all”. But then we read this, where a person who broke into Sarah Palin’s email account by guessing the answer to her secret questions is described as a hacker: http://nakedsecurity.sophos.com/2010/11/12/sarah-palins-email-hacker-sentenced-to-366-days-in-custody/.  The main difference between […]


infosecblog.org closing

August 26th 2013

This is sad: http://www.infosecblog.org/2013/08/closed/ I can understand how work policies and vendor sensitivities can make blogging awkward, if not impossible at times. I’ve faced the same challenge often enough myself. We are always having to balance getting information out there that is useful with trying not to embarrass the victims or clue the bad guys in […]


Windows phone wi-fi vulnerability may lead to encrypted domain credential theft…

August 17th 2013

“Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against […]


Interesting: header spoofing hides malware communication…

August 17th 2013

Cite: http://blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-hides-malware-communication  


When spammers screw up…

August 9th 2013

This is just a quick insight into how the spammers create all those flattering comments for our blogs. This is a comment that I saw in my queue a short while ago… click on the pic to see the full size view…


Mandatory OpenX upgrade released

August 8th 2013

Go and get it guys – the compromise being addressed by this upgrade is being actively exploited. And PLEASE make sure you follow the instructions to scrub your existing install. http://forum.openx.org/index.php?showtopic=503521628


More information about the OpenX compromise

August 7th 2013

http://stopmalvertising.com/malware-reports/openx-ad-server-downloads-contain-backdoor.html  


Daily Mail privacy breach

August 7th 2013

I’m not going to try to re-describe what has happened this time, because the article by Sophos is a most marvellously funny read. Read and enjoy here: http://nakedsecurity.sophos.com/2013/08/07/daily-mail-readers-wince-as-mail-online-slices-and-dices-their-data/ Yes, I know, privacy breaches are no laughing matter.  I hope my readers forgive my mirth.    


OpenX compromise: backdoor discovered

August 6th 2013

It is being reported that all downloads of OpenX adserver software since NOVEMBER 2012 have included a backdoor. Details here: http://blog.sucuri.net/2013/08/openx-org-compromised-and-downloads-injected-with-a-backdoor.html Please spread the word.


Totally off topic but very interesting – "Xerox scanners/photocopiers randomly alter numbers in scanned documents"

August 5th 2013

Have a read of this – very interesting: http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning  
