Quantcast

Author: david b.

Attack vectors on mobile devices 2: Android and iOS security

Read previous: Attack vectors on mobile devices: Symbian mobile security Having overviewed Symbian OS security scheme, Tam Hanna now focuses on Android and iOS security models’ peculiarities, and speaks on mobile reporting issue. It’s time for Android which runs under slogan: ‘Android is open’, but...

Attack vectors on mobile devices: Symbian mobile security

CEO of Tamoggemon Ltd. Tam Hanna covers the issues of mobile security at DeepSec 2011 conference, focusing on phone theft problems and mobile OS vulnerabilities. Well, today we are going to speak on attack vectors on mobile devices. Well, who am I? This is how I looked before I got into mobile security (see...

What is Anonymous 3: LulzSec vs Anonymous

Read previous: What is Anonymous 2: Are the Anonymous hacktivists really anonymous? The final part of the “What is Anonymous” talk is dedicated to the story of how Anons ended up moving into a strictly illegal area with their activities. Hubris: The reason why I got involved is they f..ked with...

What is Anonymous 2: Are the Anonymous hacktivists really anonymous?

Read previous: What is Anonymous: Anonymous Cyber War a5h3r4h and Hubris proceed with their talk to explain whether the Anonymous hacktivists are really anonymous when it even comes to simple open source research. Hubris (Director of Strategic Operations for Backtrace Security): Everyone, now, this is the...

What is Anonymous: Anonymous Cyber War

This is a revealing Defcon presentation by Backtrace Security representatives a5h3r4h and Hubris on history of the Anonymous, their methods and activities. a5h3r4h: My name is a5h3r4h, I’m Director of Psychological Operations at Backtrace Security. Me and my colleague Hubris are gonna talk a little bit...

How Our Browsing History Is Leaking into the Cloud 2

Read previous: How Our Browsing History Is Leaking into the Cloud In this section, Brian Kennish provides stats obtained by crawling popular sites to see the scope of ongoing personal data collection by big data aggregates. A reverse-tracking spider Our goals with this crawler were to get a list of the most...

How Our Browsing History Is Leaking into the Cloud

Former Google engineer Brian Kennish delivers a speech at Defcon about the scope of user tracking being conducted by large media companies. My name is Brian Kennish. I am gonna be talking about how our web browser history is leaking into the cloud. I never actually talk about myself much at events like...

How to rob an online bank 4: currency exchange manipulations and getting away with it

Read previous: How to rob an online bank 3: SQL injection Final part of Mitja Kolsek’s DeepSec conference presentation, outlining currency exchange manipulations and the ways to get away with online banking fraud. Currency rounding attack A lot of you probably like vulnerabilities, you would like...

How to rob an online bank 3: SQL injection

Read previous: How to rob an online bank 2 Mitja Kolsek explains limit checks bypassing, HTTP parameter pollution, SQL injection and signature exploiting as e-banking heist methods, based on pen testing. Bypassing limit checks Next thing – bypassing limit checks. Banks like to impose limits on us. They...

How to rob an online bank 2

Read previous: How to rob an online bank In this part of the presentation, Mitja Kolsek speaks on direct resource access and the use of negative numbers to trick e-banking systems. Direct resource access This is one of the top vulnerabilities in all web applications, and online banking is mostly web based....

How to rob an online bank

Captivating talk by Mitja Kolsek at DeepSec 2011 conference, describing the methods and prevalent vectors of online banking attacks. Mitja Kolsek is a computer and network security expert and the CEO of ACROS Security – a Slovenia-based company specializing in digital security research. He has a rich...

SSL and the future of authenticity 4: Perspectives and Convergence models

Final part of Moxie Marlinspike’s Defcon talk outlines the alternatives of current CA system: ‘Perspectives’ and ‘Convergence’ projects. ‘Perspectives’ model So, let’s talk about things that I’m a little bit more inspired by. There’s a project called ‘Perspectives’ which came out of...

SSL and the future of authenticity 3: Trust agility concept

Moxie moves on with his Defcon talk to introduce and explain the notion of trust agility and outline trust requirements under DNSSEC1 authenticity model. I think it’s a good idea to look back at what happened to Comodo. Well… nothing happened to Comodo. But why? Why did nothing happen? What could we...

SSL and the future of authenticity 2: certificate authorities

Second part of Moxie Marlinspike’s presentation dedicated to the authenticity component of a secure protocol and the general perceptions of SSL problems. Authenticity is important of course, because normally, if you establish a secure session with a website, the problem is that if you don’t have...

SSL and the future of authenticity: Comodo hack and secure protocol components

Defcon presentation by computer security researcher Moxie Marlinspike on the past, present and the future of SSL encryption protocol and authenticity as such. Okay, let’s talk about SSL and the future of authenticity. Really, this talk is about trust, and I wanna start this talk out with a story – it’s...

Browsing Known Sites is Safe – True or False 2: malware distribution

Read previous: Browsing Known Sites is Safe – True or False: Ill-family malware Having talked about the ‘Ill-family’ infections, Lukas Hasik and Jiri Sejtko get down to explaining the peculiarities and distribution patterns of JS:Kroxxu and JS:Prontexi which are the two other widespread types of...

Browsing Known Sites is Safe – True or False: Ill-family malware

Avast Software officials Lukas Hasik and Jiri Sejtko present their observations and insights into the prevalent web infections in the wild during their talk at RSA Conference. The key points in this part of the discussion are the ‘trust phenomenon’ explanation and the analysis of ‘Ill-family’ malware...

The Ugly Truth About Mobile Security 2: premium-rate numbers affiliate networks

Read previous: The Ugly Truth About Mobile Security: Mobile malware and SMS Trojans What is the core reason for the Russian mobile cybercrime’s flourishing? To address this point, Denis Maslennikov explains in detail how a typical SMS Trojan scheme works, and how little it actually takes to register with...

The Ugly Truth About Mobile Security: Mobile malware and SMS Trojans

Kaspersky Lab’s Senior Malware Analyst Denis Maslennikov speaks at RSA Conference about the mobile side of the Russian cybercrime. Maslennikov outlines the prevalent techniques applied for scamming users, describing modifications of SMS Trojans and explaining how they work. Hello, my name is Denis...

Generations of DoS attacks 4: more LulzSec details and applicable defenses

Read previous: Generations of DoS attacks 3: examples of attacks and insider’s view of LulzSec story CloudFlare’s CEO and co-founder Matthew Prince provides some additional details of the kerfuffle around Lulz Security’s activities during June-July 2011: the origins of their website traffic spikes and...

Generations of DoS attacks 3: examples of attacks and insider’s view of LulzSec story

Read previous: Generations of DoS attacks 2: Layer 4, Layer 7 and Link-Local IPv6 attacks In this part, Sam Bowne exemplifies each major type of DoS attacks, showing the actual implementation process and the potential damage that may occur. The CEO of CloudFlare Matthew Prince then takes the floor to talk...

Generations of DoS attacks 2: Layer 4, Layer 7 and Link-Local IPv6 attacks

Read previous: Generations of DoS attacks: some history and links to Jester, Anonymous and LulzSec Sam Bowne’s primary focus in this section of his talk is on the technical part of different types of DoS attacks: the relatively primitive Layer 4 DDoS, variations of the more sophisticated Layer 7 DoS and...

Generations of DoS attacks: some history and links to Jester, Anonymous and LulzSec

Sam Bowne from City College of San Francisco shares his expertise in the history of denial-of-service attacks, their technical aspects, and the major groups of hacktivists who use those for various purposes. This Defcon presentation starts with the classification of DoS attacks and the analysis thereof in...

How to remove Facebook malware

Malware distribution in social networks appears to be turning into a steadily growing trend. This tutorial encompasses the description of the most common patterns of malware propagation on Facebook, and provides tips on how to eliminate the risk to enjoy social networking to the fullest. Criminals are...

How malware authors are winning the war 3: social media scams and security enhancement

Read previous: How malware authors are winning the war 2: exploit toolkits, fake antiviruses and mobile threats James Lyne moves on with his analysis of malware distribution patterns, speaking on the techniques fraudsters are applying to diversify away from the expected conventional paradigm of cybercrime...

How malware authors are winning the war 2: exploit toolkits, fake antiviruses and mobile threats

Read previous: How malware authors are winning the war: waves of malicious code Having singled out the three major waves of malicious code evolution, Sophos’ James Lyne proceeds with his presentation, describing exploit toolkits, rogue antivirus activity patterns and the gradual, yet steadily growing trend...

How malware authors are winning the war: waves of malicious code

Director of Technology Strategy at Sophos James Lyne expresses his vision of the way malware production has evolved over time, shifting from mostly prankish activities to the complex sophisticated cybercrime infrastructure that we’re seeing today. Hello there, my name is James Lyne from Sophos, and today...

The threats of the Age of cyber-warfare 2: Kaspersky on cybercrime

Follow-up on Eugene Kaspersky’s talk called “The threats of the Age of cyber-warfare” where the speaker is looking into instances of critical infrastructure damage, catastrophes and military challenges called forth by cybercrime. Mr. Kaspersky is also providing some ideas on minimizing the risks,...

The threats of the Age of cyber-warfare: Eugene Kaspersky on cybercrime

Co-founder and CEO of “Kaspersky Lab” Eugene Kaspersky delivers a speech called “The threats of the Age of cyber-warfare”, expressing his vision on the current state of the global cybercrime and exemplifying his research with some observations and evidence of close affiliation of...

Eugene Kaspersky on the evolution of malware

Co-founder of Kaspersky Lab and a true cybersecurity guru Eugene Kaspersky gives a short talk, expressing his viewpoint on malware evolution: the way malware was, the way it is now and how things might change in the future. The evolution of malware within last 10 years depends on the evolution of people who...