VB Migration

Category: blog

  • AOL spam spreads ‘NotCompatible’ Android trojan

    AOL responds by following Yahoo! in setting strict DMARC policy. This week, #AOLhacked has become a popular hashtag on Twitter : many AOL users are using it to complain that their email address had been sending spam to their contacts. Those who click the link in the emails – never a wise thing to do…

  • Yahoo’s DMARC policy wreaks havoc among mailing lists

    Collateral damage in instruction to reject emails with invalid DKIM signatures. A change in Yahoo ‘s DMARC policy has caused frustration among operators of many mailing lists and their subscribers. On its official website , DMARC is described as standardizing “how email receivers perform email authentication using the well-known SPF and DKIM mechanisms”. It was…

  • A week of Heartbleed

    OpenSSL vulnerability has kept the security community busy. The ‘Heartbleed’ vulnerability has kept everyone on their toes over the last week or so – hitting the mainstream media, prompting widespread warnings for users to change their passwords, and causing many admins to review the security of their web servers. Bruce Schneier, who is not known…

  • VB2014 programme and keynote announced

    Exciting range of topics to be covered at VB conference in Seattle this September; Katie Moussouris to deliver keynote address. Altogether, almost 150 proposals were submitted for this year’s VB Conference , and it was no easy task for the selection committee to whittle down the choices – indeed, there were many very decent papers…

  • OpenSSL vulnerability lets attackers quietly steal servers’ private keys

    Security firm advises regenerating keys and replacing certificates on vulnerable servers. A very serious vulnerability in OpenSSL has caused panic among network administrators: CVE-2014-0160 allows an attacker to read the memory of a vulnerable server and thus obtain private encryption keys, passwords and other kinds of sensitive information. OpenSSL is a widely used open-source implementation…

  • IEEE announces Anti-Malware Support Service

    ‘Software taggant system’ and ‘clean file metadata exchange’ discussed at previous VB conferences. Wouldn’t it be nice if providers of software packers included a licence key in the packer, so that anti-malware solutions could distinguish legitimate from malign use – and, if needed, blacklist those keys used by malware authors? And wouldn’t it also be…

  • ‘Cyberdanger’ informs general audience of IT security

    Eddy Willems’ book is a pleasant read on an important subject. Security expert Eddy Willems has written a book. The friendly Belgian, currently G Data ‘s Security Evangelist, is a veteran of the security industry – and usually, that mere fact would make many a reader of this blog run to the nearest book shop…

  • Researchers crack ransomware encryption

    ‘Bitcrypt’ authors confused their bytes and digits. Two French researchers have found a serious vulnerability in a new piece of ransomware that has allowed them to crack the keys used by the malware to encrypt the victim’s files. CryptoLocker has become known as the unfortunate crypto success story of 2013. While stories about broken cryptography…

  • Windows Error Reporting used to discover new attacks

    No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm Websense has shown how Windows Error Reporting can be used to detect hitherto unknown attacks. Windows Error Reporting was introduced by Microsoft with Windows XP…

  • Tech support scammers won’t give up

    M3AAWG workshop to deal with fighting telephony abuse. For security researchers like myself, receiving a call from a tech support scammer is usually a good opportunity for a bit of fun. Indeed, telephone conversations with scammers can be quite hilarious as a recent recording by blogger Troy Hunt shows. Of course, for those who are…