Author: david b.

Web Application Hacking 2: Components of Public Key Infrastructure

From this entry, which is a follow-up on the dedicated lecture at FSU, you can learn an in-depth outline of how digital certificates and certificate authorities work. Certificates are composed of a public and a private key. I should mention that there was a point where there was only one root certificate...

Web Application Hacking – SSL / TLS Infrastructure and Attacks

This article highlights the issues raised at the Florida State University lecture for “Offensive Security” regarding SSL and TLS protocols, namely their background, infrastructure, flaws and known crypto attacks. The outline for today’s talk is we’re going to go over SSL and TLS and cover its...

Bruce Schneier on The Matthew Filipowicz Show 2: Obstacles to Restoring Trust for the NSA

As a follow-up to the interview, Bruce Schneier explains his perspective on ways for the NSA to regain citizens’ trust and the economic aspects of the matter. – I’m talking to Bruce Schneier, a security technologist, encryption specialist and author. Let’s talk about the political side of what...

Bruce Schneier on The Matthew Filipowicz Show: NSA Working with Tech Companies to Insert Weaknesses into Code

This entry reflects a down-to-earth discussion with security guru Bruce Schneier about how the NSA endangers regular PC users while spying on alleged adversaries. – Alright, joining me now here on the Matthew Filipowicz show is Bruce Schneier. Bruce is a security technologist and encryption...

Bruce Schneier on the NSA’s Surveillance 5: Possible Backlash of Ubiquitous Spying

The Occupy Radio host and Bruce Schneier now dwell on the probable outcomes of the NSA’s spying activities and try to depict the future state of affairs. – Ok, now that exists on a domestic scale and it exists on an international scale: we want to have power over a government. I’m curious: is our...

Bruce Schneier on the NSA’s Surveillance 4: The Social Value of Privacy

The radio talk show host and security expert Bruce Schneier now discuss the amount and methods of data collection by the NSA and how it affects citizen privacy. – I’m speaking with authoritative security expert Bruce Schneier about the data collecting agency, the NSA. We’re talking about fear, real...

Bruce Schneier on the NSA’s Surveillance 3: Misperceptions of Terrorism

The collocutors are now shifting the focus over to issues of defining terrorism and the role of corporate profit and political power in today’s NSA activities. – The fix is bringing all out into the open? – Yes. Like with any other program, we have to know if what they’re doing is legal, if...

Bruce Schneier on the NSA’s Surveillance 2: Eavesdropping on Everything

Bruce Schneier and the Occupy Radio host now discuss the cost efficiency of the NSA’s programs and broad data mining, as well as the political aspects of the matter. – We have been able to voice an opinion on the breadth of the spying that is happening against us? – The breadth, the depth, the...

Bruce Schneier: NSA is Wasteful and Dangerous

During a podcast on Occupy Radio, the host and renowned security expert Bruce Schneier discuss the NSA’s practices in terms of treating citizen privacy and other related issues. – Bruce Schneier is an internationally recognized expert on cryptography and data security. He was dubbed a...

CuteCats.exe and the Arab Spring 3: Surveillance Malware in Libya and Bahrain

Morgan Marquis-Boire finishes his Black Hat presentation with analysis of governmental cyber operations held during protests in a number of other Arab states. Syria isn’t the only country in this region that has experienced these types of operations though. After the success of the revolution in Tunisia,...

CuteCats.exe and the Arab Spring 2: Social Engineering and Remote Access Toolkits

Google’s Morgan Marquis-Boire is focusing on governmental use of topical social engineering, surveillance malware and remote access toolkits in Arab countries. While we’ve seen a steady stream of Facebook phishing attacks, we’ve also seen attacks focusing on Skype and YouTube. Many of you may have...

CuteCats.exe and the Arab Spring: Governments vs Dissidents

Morgan Marquis-Boire, Security Engineer at Google Incident Response Team, analyzes the digital aspect of activism and anti-dissident activities during the Arab Spring. Hello and welcome to CuteCats.exe and the Arab Spring. My name is Morgan Marquis-Boire and I work on the Google Incident Response Team....

The State of Web Exploit Toolkits 4: Phoenix and Newer Kits

The presentation ends with the analysis of the Phoenix exploit kit’s features, details on newer kits from all over the world, and a summary of the research. Phoenix Exploit Kit The next kit I’m going to talk about is Phoenix. It’s been around since 2007, it’s pretty old, it’s up to version 3. They...

The State of Web Exploit Toolkits 3: How BlackHole Works

Jason Jones covers herein some of the specific features inherent to the BlackHole kit, including JavaScript and PDF obfuscation details, JavaScript shellcode, etc. Now I’ll actually get a little bit more into how it works. Running all these things through our sandbox, we’ve looked a lot at URLs that it...

The State of Web Exploit Toolkits 2: BlackHole Kit Scrutinized

Jason Jones now provides an intro to the notorious BlackHole exploit kit, explaining some of its background as well as showing the interface that criminals use. The first kit I’m really going to delve into is BlackHole. It’s been around for a couple of years. It’s definitely become the most popular...

The State of Web Exploit Toolkits – Turnkey Cybercrime Software

During his Black Hat briefing, Jason Jones, the Team Lead for ASI at HP DVLabs, presents an extensive professional analysis of present-day web exploit kits. I’m going to be talking about the state of web exploit toolkits, which is a lot of what I’ve been doing on my job. I’m the Lead for Advanced...

From Russia with Love.exe 5: Questions and Answers

This is the final part of the study, where The Grugq and Fyodor Yarochkin explain more details of the Russian hacking business during the Q&A section. Yarochkin: Alright, do you have any questions? Question: On your point about the ratios: so, this guy was offering the best ratio; do you know any...

From Russia with Love.exe 4: Geeks, Not Gangsters

You can learn here how much it costs to buy a massive DDoS attack service on Russian hacking forums, and what kind of people those sellers are. The Grugq: So, everyone probably knows Twitter went down some time ago. How much do you think that cost per day, on average? It’s 80 bucks! Come on, 80 bucks to...

From Russia with Love.exe 3: Money Laundering and Botnet Services

In this entry the security analysts are focusing on other popular commodities sold on Russian hacking forums, as well as malware distribution services. Yarochkin: One of the most valuable commodities on these forums is actually ICQ numbers. Even now, as of today, ICQ is one of the primary communication means...

From Russia with Love.exe 2: Virtual Currencies and Identity Dumps

The Grugq and Fyodor Yarochkin now move on to outline the prevalent payment methods on Russian hacking forums and touch upon the goods being traded there. The Grugq: There’s some really cool identity stuff that they do as well. A lot of the money that gets moved around in these illegal economies is...

From Russia with Love.exe – The Russian Underground Hacking Culture

While participating in HITBSecConf Malaysia, security analysts The Grugq and Fyodor Yarochkin present their study of the ins and outs of the Russian hacking community, hacking forums and culture. The Grugq: Hi everyone. This is Fyodor, I’m Grugq by the way. What this talk is on is it’s basically on the...

The Anatomy of Social Engineering 5: The Reality and Defenses

This entry encompasses the summary of how effectively social engineering exploits the quirks, or flaws, of the human brain, and provides some defense advice. So, in reality these are just tricks that statistically increase the odds of compliance (see right-hand image). And they’re obviously not going to...

The Anatomy of Social Engineering 4: Social Proof, Liking, Authority and Scarcity Flaws

The article continues to describe psychological quirks of the human brain, now focusing on four more flaws that tend to spontaneously affect one’s behavior. 3. Social Proof The next flaw that our brains have is that we try to do and think what other people who seem like us do and think (see right-hand...

The Anatomy of Social Engineering 3: Reciprocity and Consistency Quirks

This section covers some of the natural human quirks, namely reciprocity and consistency, and highlights how those can be used for social engineering. There have been other studies to find out quirks of the human brain, other than the magic word “because”. These 6 quirks I’m going to talk about...

The Anatomy of Social Engineering 2: Evolutionary Triggers

The key subject matter here is how exploiting evolutionary aspects naturally affects humans in terms of manipulative influence and social engineering proper. Ties to Evolution So, let’s talk about social engineering and exploiting the human’s mind, because there’re vulnerabilities in a human mind that...

The Anatomy of Social Engineering

Reflected herein is a study by the Florida State University researchers pertaining to the analysis of social engineering from a psychological perspective. We’re going to talk about social engineering, and perhaps how you can use it to have more fun next week, if you’re not stuck doing work all the time. ...

The Modern History of Cyber Warfare 9: Cybersecurity Hurdles

The lecture wraps up with an overview of the principal policy hurdles for the West in terms of implementing proper cybersecurity now and in the future. Now I will go over, basically, the policy hurdles that the West faces (see right-hand image), specifically this country, the United States. This portion of...

The Modern History of Cyber Warfare 8: A History of Legislature Failure

This part encompasses a retrospective review of US laws and acts as well as pros and cons of current legislative proposals on the surveillance of cyberspace. So, let’s talk about US legislature in this area, or what I subtitled as “a history of failure” (see right-hand image). In the 1980s...

The Modern History of Cyber Warfare 7: Legislation and Policies

Coverage of the existing legislation addressing cybercrime, as well as of cooperation between the private sector and government in this realm, is reflected in this entry. So, how do we begin making policies and laws with all this uncertainty? It’s really a problem that I’m glad I don’t have to fix. However,...

The Modern History of Cyber Warfare 6: Possible Cyber War Scenario

What gets overviewed herein is the modeling of a cyber war if it were to break out, and the various nuances of attacker attribution in the present-day world. So here’s what the common perception of what a cyber war would look like. There will be, basically, targeted efforts and pervasive cultural efforts...