Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Data Mining a Mountain of Zero Day Vulnerabilities 4: Distribution Trends over Time

Chris Wysopal comments on vulnerability distribution trends within a specified time span and analyzes web applications' compliance with security standards. How Vulnerability Distribution Is Changing Over Time So, then we looked at trends over time. Are any of these vulnerability distribution percentages...

Data Mining a Mountain of Zero Day Vulnerabilities 3: Vulnerabilities by Language, Supplier and Industry

Additional application vulnerability metrics provided and explained by Chris Wysopal in this part are programming language, supplier type, and industry. Vulnerabilities by Language So, next I want to take a look at this by language because the language you program in makes a big difference in the kind of...

Data Mining a Mountain of Zero Day Vulnerabilities 2: Top Vulnerability Categories

Getting into the retrieved statistics, Chris Wysopal lists the most common vulnerabilities in web and non-web applications by ratio and overall prevalence. Web Application Vulnerabilities So, now we’re going to dive into our numbers (see chart). This here is the top vulnerability categories for web...

Data Mining a Mountain of Zero Day Vulnerabilities

Black Hat Europe 2012 conference guest Chris Wysopal, the CTO and Co-founder of Veracode, presents his research on the different sorts of prevalent and potentially exploitable web application vulnerabilities derived from the large data set that was processed by his company. I’m Chris Wysopal, CTO and...

Bypassing the Android Permission Model 7: Exploiting Open Interfaces to Steal Permissions

This is the final part of Georgia Weidman’s HITBSecConf2012 talk where she explains why open interfaces in Android may pose a security threat, and provides mitigations for the risks emanating from Android interfaces. Android Interfaces with Dangerous Functionality If anyone’s ever done Android...

Bypassing the Android Permission Model 6: Compromising Privacy on the Code Level

In this part, Georgia Weidman breaks insecure data storage down to the code level, explaining the code samples behind sensitive information access. Vulnerable and Malicious Code Everybody hates it when you show code examples in your talk, but these are really short ones, just to illustrate how easy this is. So,...

Bypassing the Android Permission Model 5: Accessing Data Stored on SD Cards

Here Georgia Weidman elaborates on how the way data is stored on SD cards can be exploited to access it, explaining the corresponding demo in detail. So far we have talked about evil Android guy with horns, evil application that wants to hurt you, and it’s malicious. When you download it, it’s...

Bypassing the Android Permission Model 4: SMS Botnets Based on Malicious Rooting

Georgia Weidman explains her instructive demo about using a maliciously rooted Android phone as an SMS bot, and outlines problems with critical firmware updates. Malicious Rooting Now I’m going to show a demo of something you might want to do after you root somebody’s phone if you’re a malicious...

Bypassing the Android Permission Model 3: Evil Rooting with DroidDream

This part of Georgia Weidman’s presentation is dedicated to the malicious side of Android rooting, vividly exemplified by the infamous DroidDream app. We are going to look at some evil ideas for rooting Android. Anybody remember this guy? (See image) DroidDream made a huge media splash because researchers...

Bypassing the Android Permission Model 2: Android Rooting Programs

Georgia Weidman touches upon the Android rooting issue and describes her experiment with Android permissions to show how apps can get hold of user data. I figured out why Android apps have so many permissions. Since I’ve done so much Android development lately, and I’ve watched my apps just fall over and...