Wednesday, November 23, 2011
Tuesday, November 22, 2011
Sunday, November 20, 2011
Wednesday, November 9, 2011
Click-jacking
Attaching a nice presentation on the topic of Click-jacking.
http://elie.im/publication/busting-frame-busting-a-study-of-clickjacking-vulnerabilities-on-popular-sites
The presentation and site also describe a "mobile"
version of Click-jacking named Tap-jacking,
and also state the importance of addressing these different
threats on mobile versions of sites (if a specific version was even developed).
Monday, November 7, 2011
Thursday, November 3, 2011
Symantec uncovers Nitro attacks targeting chemical industry
Symantec has revealed yet another
large-scale targeted cyber attack, this time designed primarily to steal
information from chemical and defense companies.
The attack, which seems to be related to China, is part of a growing overall trend in the chemicals market of stealing intellectual property.
The discovery comes during a year in which
many similar attacks have been uncovered, including Night Dragon, Shady RAT and
Lurid, all apparently designed to covertly steal intellectual property from a
range of organizations.
Attached is the original Reuters link which first published the news along with a more detailed analysis of the attack.
Wednesday, November 2, 2011
Tuesday, November 1, 2011
Duqu vs. Stuxnet – more of the same?
Duqu, the newly discovered malware, has
been named by many as a 'predecessor to Stuxnet', but in fact this piece of
sneaky code has its resemblances and differences to the notorious worm.

One of the firms even identified Duqu as a
version of Stuxnet, and their automatic malware analysis determined it was
Stuxnet itself.
On one hand, Duqu is signed with a
legitimate digital certificate; Stuxnet did the same with a different
certificate, obviously the certificate has been revoked upon discovery.
On the other hand, the purpose of Duqu is
entirely different. Some of the uncovered features include keylogging,
autodestruct of itself including many traces and transmitting collected data to
a Command and Control server using encrypted files, and strange image files that
are still under investigation.
Nonetheless, Duqu's level of sophistication
is rare, and it's raison d'ĂȘtre is still remained unsolved.
Keep an eye open on this one, as the story
of Duqu's history is slowly revealed.
Subscribe to:
Posts (Atom)