Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

How to rob an online bank 2

Read previous: How to rob an online bank. In this part of the presentation, Mitja Kolsek speaks on direct resource access and the use of negative numbers to trick e-banking systems. Direct resource access: This is one of the top vulnerabilities in all web applications, and online banking is mostly web based....

How to rob an online bank

Captivating talk by Mitja Kolsek at the DeepSec 2011 conference, describing the methods and prevalent vectors of online banking attacks. Mitja Kolsek is a computer and network security expert and the CEO of ACROS Security – a Slovenia-based company specializing in digital security research. He has a rich...

SSL and the future of authenticity 4: Perspectives and Convergence models

Final part of Moxie Marlinspike’s Defcon talk outlines the alternatives to the current CA system: the ‘Perspectives’ and ‘Convergence’ projects. ‘Perspectives’ model: So, let’s talk about things that I’m a little bit more inspired by. There’s a project called ‘Perspectives’ which came out of...

SSL and the future of authenticity 3: Trust agility concept

Moxie moves on with his Defcon talk to introduce and explain the notion of trust agility and outline trust requirements under the DNSSEC authenticity model. I think it’s a good idea to look back at what happened to Comodo. Well… nothing happened to Comodo. But why? Why did nothing happen? What could we...

SSL and the future of authenticity 2: certificate authorities

Second part of Moxie Marlinspike’s presentation dedicated to the authenticity component of a secure protocol and the general perceptions of SSL problems. Authenticity is important of course, because normally, if you establish a secure session with a website, the problem is that if you don’t have...

SSL and the future of authenticity: Comodo hack and secure protocol components

Defcon presentation by computer security researcher Moxie Marlinspike on the past, present and future of the SSL encryption protocol and authenticity as such. Okay, let’s talk about SSL and the future of authenticity. Really, this talk is about trust, and I wanna start this talk out with a story – it’s...

Browsing Known Sites is Safe – True or False 2: malware distribution

Read previous: Browsing Known Sites is Safe – True or False: Ill-family malware. Having talked about the ‘Ill-family’ infections, Lukas Hasik and Jiri Sejtko get down to explaining the peculiarities and distribution patterns of JS:Kroxxu and JS:Prontexi, which are the two other widespread types of...

Browsing Known Sites is Safe – True or False: Ill-family malware

Avast Software officials Lukas Hasik and Jiri Sejtko present their observations and insights into the prevalent web infections in the wild during their talk at RSA Conference. The key points in this part of the discussion are the ‘trust phenomenon’ explanation and the analysis of ‘Ill-family’ malware...

The Ugly Truth About Mobile Security 2: premium-rate numbers affiliate networks

Read previous: The Ugly Truth About Mobile Security: Mobile malware and SMS Trojans. What is the core reason for the Russian mobile cybercrime’s flourishing? To address this point, Denis Maslennikov explains in detail how a typical SMS Trojan scheme works, and how little it actually takes to register with...

The Ugly Truth About Mobile Security: Mobile malware and SMS Trojans

Kaspersky Lab’s Senior Malware Analyst Denis Maslennikov speaks at RSA Conference about the mobile side of the Russian cybercrime. Maslennikov outlines the prevalent techniques applied for scamming users, describing modifications of SMS Trojans and explaining how they work. Hello, my name is Denis...