VB Migration

Mindblown: a blog about philosophy.

  • VB2013 last-minute papers and keynote announced

    Hot topics to be covered at VB conference in Berlin. We thought that the 45 previously announced VB2013 papers, together with the panel discussion, already made for a really interesting conference programme, but this week has seen the addition of seven more exciting and topical presentations. For the last seven years, we have set aside…

  • Backdoored standards show we desperately need more cryptographers

    Too few currently possess the skills to verify standards. Recent revelations of the NSA’s crypto-breaking capabilities have led to calls for better cryptography. But we need more cryptographers too. In the 2010 edition of their classic book Cryptography Engineering , Bruce Schneier, Niels Ferguson and Tadayoshi Kohno wrote on the SHA family of hash functions:…

  • Syrian conflict used in pump-and-dump spam

    Short campaign could have had desired effect. Pump-and-dump spam is almost as old as spam itself: emails are sent out promoting worthless ‘penny stocks’, which have been purchased by the scammers before the start of the campaign. The hope is that the hype contained in the emails will encourage others to invest in the stock,…

  • Box-ticking mentality leads to insecurity

    Credit card company fails to understand how authentication works. Security experts often bemoan a ‘box-ticking’ mentality and argue that in many cases ticking boxes doesn’t address the real issues. In some cases, it can even make things less secure. Yesterday I received a call from what was probably my credit card company. The caller asked…

  • Updated botnet likely cause of surge in Tor traffic

    New Tor version should help the network deal with increased traffic. Sometimes a picture says more than a thousand words: The graph shows the daily number of users of the Tor anonymity network over the past three years. As both the network and concerns over anonymity have grown, the usage has shown a slow but…

  • Malware spoofing HTTP Host header to hide C&C communication

    Traffic appears as requests to Google or Yandex. There have been several recent examples of malware using a spoofed HTTP Host header to hide communucation with its control servers. When a web browser sends an HTTP request to a web server, it includes a Host header, containing the host of the site that is requested.…

  • Phone support scams: an old scam with some new tricks

    Files in Prefetch directory supposedly show malware infections. Telephone support scams have been going on for quite a long time, and have received a fair amount of publicity, which often makes me wonder if there are still people who fall for them. A call I received last week proved that the callers haven’t given up.…

  • Kelihos checks machines’ IP addresses against DNS blacklists

    Role of node in a botnet dependent on whether the IP address is blacklisted. Whenever I look at the results of the VBSpam tests, it always amazes me how large a percentage of spam is blocked because the sending IP address appears on a DNS blacklist. It is not that I wouldn’t expect those that…

  • New email header attempts to prevent damage of reissued email addresses

    Transactional emails not delivered if the account’s owner has changed in the meantime. When in June, Yahoo announced it would free up inactive user IDs, it received fierce criticism from the security community. The concern was that many of these user IDs are tied to email addresses that, though dormant, may still be registered as…

  • DNSSEC glitch causes .gov sites to become inaccessible

    Name servers unable to distinguish faulty from rogue responses. A glitch at VeriSign yesterday led to DNSSEC-aware name servers being unable to verify responses on the .gov top-level domain (TLD), which in turn led to many users being unable to access services residing on a .gov domain. It wasn’t a good day for the Internet…

Got any book recommendations?

Get In Touch