Quantcast

Archive: Jan 2013

Moti Yung and Adam Young on Kleptography and Cryptovirology 3: Deploying Cryptoviral Extortion Attack

In this part, Moti Yung lists the main possible applications for cryptovirology and goes into detail of a typical cryptoviral extortion attack. Now we’re going to get to the subject of cryptovirology, and I will review three topics (see image). The first one is cryptoviral extortion; this is an active...

Moti Yung and Adam Young on Kleptography and Cryptovirology 2: Cryptography in Polymorphic Viruses

Continuing with the retrospective overview of malicious software, in this part Moti Yung focuses on the role of crypto in the execution workflow of polymorphic viruses and touches upon the basic principles of public-key cryptography. I want to point out one interesting design – actually,...

ParetoLogic XoftSpySE Anti-Spyware 7.0 review

$29.95 XoftSpySE Anti-Spyware is an eye-catching and easy-to-use solution that unfortunately lacks real-time protection and due spyware detection power. Usability:  Features:  Efficiency:  Support:  Overall:  Download System Requirements Operating System: Windows XP SP3 (32...

“Yes We Can’t!” – On Kleptography and Cryptovirology

This is a study conducted by computer scientists and well-known cryptographers Moti Yung and Adam Young on the two-way relation between cryptography and malicious software. The research was presented by Moti Yung at 26th Chaos Communication Congress (26C3) in Berlin. Yes, we can’t! Yes, we can or yes, we...

Anonymous Launches “Operation Last Resort” Targeting U.S. Government Website

Hackers representing the much-spoken-of Anonymous group made the website of the United States Sentencing Commission go offline starting early Saturday. Judging from the hacktivists’ message posted on the hacked website and on YouTube, this attack was launched as retaliation for the recent death of Aaron...

Mikko Hypponen on Cyber Warfare 4: Challenges of the Cyber Arms Race

This part encompasses Mikko Hypponen’s thoughts on why sophisticated viruses like Stuxnet and Flame are so hard to detect using the regular security technology. If you look at Miniflame which was found recently, one of the files actually contains country information, which tells us in which country that...

Mikko Hypponen on Cyber Warfare 3: Stuxnet as an Offensive Attack Weapon

Mr. Hypponen now draws attention to the process where computer science basically turned into an offensive weapon capable of killing people, namely Stuxnet worm. Stuxnet is the only one which actually does physical damage. It controls the PLC gear inside the Natanz nuclear enrichment facility, blowing up...

Mikko Hypponen on Cyber Warfare 2: Types of Governmental Attacks

Shifting the focus over to governmental attacks, Mikko Hypponen breaks nation states’ cyber warfare down into several types, depending on the objects targeted. Within attacks coming from governments we have a range of stuff. We have espionage. You might have heard about what is often characterized as APT...

F-Secure’s Mikko Hypponen on Cyber Warfare at Wired 2012

Chief Research Officer at F-Secure and true computer security guru Mikko Hypponen outlines the state and scope of today’s cyber threatscape at Wired 2012 event. My name is Mikko Hypponen, and his name is “Arashi”. He is one of the examples of Russian organized cyber criminals who create...

Offensive Threat Modeling for Attackers 8: Confusing the Adversary

This is the final part of the presentation dedicated to nuances of exploiting various components of an adversary’s defensive posture for a successful attack. So, now we want to directly engage the defenses. A very effective thing is false flag operations. Does everybody knows what a false flag is? False...

Offensive Threat Modeling for Attackers 7: Utilizing Different Infiltration Vectors

Shane MacDougall and Rafal Los explicate herein the issues of offensive modeling from the perspectives of company’s human component and time windows for attack. Shane MacDougall: A big tool in determining your targets within a company is company sentiment. You really want to identify as many users at risk...

Offensive Threat Modeling for Attackers 6: Insight into Points of Attack

Presenting their subject further, Shane MacDougall and Rafal Los stick to the objectives and key constituents of the points of attack modeling process. To model the points of attack, obviously, our key objective is to break everything down into the tiniest pieces possible. If you’re familiar with the...

Offensive Threat Modeling for Attackers 5: Modeling the Defender

It’s now turn for Shane MacDougall to contribute to the presentation and focus on the different aspects of modeling the defender for offensive purposes. Shane MacDougall: Now we’re going to get into the meat of the matter of how we’re actually going to break this down. So, modeling the defender (see...

Offensive Threat Modeling for Attackers 4: Executing the Attack the Right Way

HP Software’s Rafal Los now highlights the finishing touches to perform before the attack can be executed, and summarizes the entire offensive threat scenario. I hope you guys get the irony of hanging a piece of Swiss cheese in the Posture slide (see image). Identifying asset’s defensive posture: how...

Offensive Threat Modeling for Attackers 3: Identifying the Purpose, Target Assets and Points of Attack

In this section of the presentation Rafal Los thoroughly analyzes the offensive routine in the context of its purpose, prioritization, and points of attack. When you’re looking at a system, you have to know what’s behind it, you have to know what the infrastructure is, so if you’ve got an Oracle...

Offensive Threat Modeling for Attackers 2: Exploiting Defenders’ Weaknesses

Moving on with the subject, Rafal Los provides a step-by-step insight into preliminary measures and the right strategy for attacking the adversary’s assets. So, how do we use weaknesses of defenders as a weapon? I found a really cool quote that I like to use a lot: “To lack intelligence is to be in...

Offensive Threat Modeling for Attackers: Turning Threat Modeling on its Head

Rafal M. Los, HP Software’s Chief Security Evangelist, and Shane MacDougall, principal partner at Tactical Intelligence, give a presentation at Black Hat Europe 2012 to show a non-standard perspective of threat modeling as an offensive tool. Rafal M. Los: Hi! I’m Raf, that’s Shane right over here....

Best Security Software 2012 – Privacy PC Awards

2012 turned out to be saturated with security events. We saw influxes of new sophisticated malware, outrageous breaches, data leakages, and a myriad of expert perspectives on what measures to adopt for mitigating the associated risks. Meanwhile, one of our primary highlights is the state of security...

Making Attackers’ Lives Miserable 3: How to Spot and Attack the Bad Guys

Paul Asadoorian and John Strand give finishing touches to their research, highlighting methods of attribution and counterattacking, and listing the relevant precautions. Paul Asadoorian: Now along to attribution. So, if we can annoy attackers and draw them into certain places inside of our website or inside...

Making Attackers’ Lives Miserable 2: Setting Traps with Recursive Directories

In this section, Paul Asadoorian and John Strand elaborate on the aspect of annoyance that deals with making an attacker repeatedly go through a loop of directories on the targeted website. John Strand: Infinitely recursive directories are another one of the areas that you can mess with attackers’ lives....

Offensive Countermeasures – Making Attackers’ Lives Miserable

PaulDotCom’s Paul Asadoorian and John Strand present an intriguing research at RSA Conference 2012 about ways to confuse, upset and geolocate cyber intruders. Paul Asadoorian: Hello everyone and welcome to Offensive Countermeasures – Making Attackers’ Lives Miserable. My name is Paul...

Bitdefender Internet Security 2016 review

$59.95 Bitdefender Internet Security 2016 provides silent and hassle-free protection of premium quality. Usability:  Features:  Efficiency:  Support:  Overall:  Download Rating charts of the industry’s best Internet security software are only complete with Bitdefender’s...

The Art of Effectively Communicating with a Cyber Predator 3: Example of a Matching Conversation

To make the presentation more vivid, Janice Niederhofer now provides a demo of the conversation with a cyber predator, demonstrating the art of matching. Let’s move on. Conversely, if you want to decrease rapport, you can deliberately mismatch. We’ve been matching the cyber predator’s communication and...

The Art of Effectively Communicating with a Cyber Predator 2: Building Rapport with the Scammer

Janice Niederhofer now elaborates on establishing rapport with a cyber predator, focusing on language matching techniques and the use of so-called VAK senses. Build Rapport, then Move Forward For rapport to exist between you and a cyber predator, you have to have 3 things: understanding, appreciation, and...

Luring Your Prey – The Art of Effectively Communicating with a Cyber Predator

Janice Niederhofer, founder and CEO of Peerage Consulting, Inc., gives a captivating presentation at RSA Conference, dissecting the subtle yet very significant components of online communication with scammers and other ill-minded individuals seeking preys on the Internet. Welcome to the session:...