VB Migration

Mindblown: a blog about philosophy.

  • VB2014 paper: DNSSEC – how far have we come?

    Nick Sullivan describes how DNSSEC uses cryptography to add authentication and integrity to DNS responses. Over the next months, we will be sharing conference papers as well as video recordings of the presentations. Today, we have added ‘DNSSEC – how far have we come?’ by CloudFlare’s Nick Sullivan. It is rather scary to think about…

  • POODLE attack forces the Internet to move away from SSL 3.0

    Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks. After Heartbleed and Shellshock, or the SSL/TLS attacks CRIME and BEAST, ‘POODLE’ does sound rather cute. Yet the vulnerability in version 3.0 of the SSL protocol that was disclosed by Google researchers yesterday is fairly serious and shouldn’t be…

  • Windows zero-day used in targeted attacks

    Vulnerability used to download BlackEnergy trojan – as discussed during VB2014. Today is going to be a busy day for system administrators: they were already on high alert following a rumoured vulnerability in SSLv3, and now they also know that a zero-day vulnerability has been discovered that affects all currently supported versions of Windows .…

  • VB2014 paper: The evolution of webinjects

    Jean-Ian Boutin looks at the increased commoditization of webinjects. Virus Bulletin has always been about sharing information, and the Virus Bulletin conference is an important part of that. We would love to be able to share some of the discussions attendees had during the lunch and coffee breaks, the late-night or early-morning meetings in the…

  • Shellshock used to spread Mayhem

    Malware switched to more effective Perl installer. One of the most prominent discussion topics during VB2014 was the ‘Shellshock’ vulnerability (CVE-2014-6271) in the popular Bash shell for *nix, which was publicly disclosed while the conference was going on in Seattle. The name ‘Shellshock’ started as a joke on Twitter. Considered at least as serious as…

  • Paper: The Hulk

    Raul Alvarez studies cavity file infector. Most file infectors increase the length of the infected file, as the malicious code is added as a new section of the host file, or to the last section of that file. ‘Cavity’ file infectors are different though: they infect files without increasing their size. Today, we publish a…

  • VB2014: Slides day three

    Thanks all for a fantastic conference and see you in Prague… or in Denver! Two days ago, a lively panel discussion closed what we can only describe as a fantastic conference. For those that were here, we hope you enjoyed it as much as we did and we hope you found a lot of inspiration…

  • ‘Windigo’ research wins first annual Péter Szőr award

    The first of many awards to commemorate brilliant researcher. When, in November last year, we heard of the passing of Péter Szőr , we wanted to do something to keep the memory of Péter alive. Not only was Péter a long-serving member of the VB advisory board, a regular contributor to Virus Bulletin magazine and…

  • VB2014: Slides day two

    Another day of excellent presentations. The second day of VB2014 was just as successful as the first one, and saw 22 interesting presentations, divided over two parallel streams, on a wide range of security topics. They included the seven last-minute papers that were added to the programme only three weeks ago. Just as yesterday, many…

  • VB2014: Slides day one

    Almost £1,300 donated to WWF! The inaugural Virus Bulletin conference was held in 1991, making it one of the oldest security conferences in the world. It is also one of very few conferences that travels around the world. This year, the conference is taking place in Seattle, WA, USA and this morning, more than 400…

Got any book recommendations?

Get In Touch