
  • Researchers demonstrate how IPv6 can easily be used to perform MitM attacks

    Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment. I expected this could easily be used in various nefarious ways.…

  • ATM manufacturer pays respects to hacker who broke into its systems

    Both Barnaby Jack and Triton showed how white-hat hacking should be done. A tribute to the late Barnaby Jack by the company whose systems he hacked shows how hackers can really help make the world a safer place. When New Zealand hacker Barnaby Jack suddenly died last month, the Internet was awash with tributes to…

  • Are Gmail’s new advertisements in breach of CAN-SPAM?

    Marketers upset about ‘emails’ that you can’t unsubscribe from. A debate is happening among (anti-)spam experts on whether Gmail’s new way of displaying advertisements is in breach of anti-spam laws. It is easy to underestimate the importance of anti-spam laws. Of course, most of the spam sent today would be illegal, even without laws…

  • Thousands of websites affected by nameserver hijack redirecting visitors to malware

    DNS caching causes attack to have a long tail. Yesterday, visitors to thousands of Dutch websites were served an ‘under construction’ page that, through a hidden iframe, was serving the Blackhole exploit kit. The sites were hosted by three hosting companies that share both a parent company and, more importantly in this case, nameservers for…

  • Firefox 17 zero-day exploit targets users of Tor network

    Visitors to child abuse websites likely target of operation, but will there be collateral damage? A zero-day exploit in Firefox 17 that was probably used to track the visitors to child abuse websites hosted on the Tor network will spark further debate on the notion of “good malware” and could lead to very serious false…

  • There is no ‘I know what I am doing’ trump card in security

    NSA activities could make millions avoid US-based services. We have all been there. To continue the product you’re working on, you need to get some extra permission: a port needs to be opened, or perhaps some files need to be uploaded onto a protected system. You ask the IT department for this permission and, much…

  • Is publishing your employees’ email addresses such a big deal?

    Beware of a false sense of security. Security blogger Graham Cluley points to hypocrisy in a KPMG press release in which it criticises FTSE 350 companies for ‘leaking data that can be used by cyber attackers’, while making the same mistake themselves. KPMG found that every single company in the FTSE 350 index (the 350…

  • IETF discusses deprecation of IPv6 fragmentation

    Little-used feature could have unintended security consequences. As the Internet is (very) slowly migrating towards IPv6, researchers are reconsidering a little-used feature that allows for IPv6 packets to be fragmented by the sender and reassembled by the recipient. Last year, we published an article on the security implications of the transition from IPv4 to IPv6.…

  • Compromised Yahoo! accounts continue to spread Android malware

    Problem likely to be on Yahoo!’s side. In recent weeks, we have noticed an uptick in the amount of spam sent from compromised Yahoo! accounts; we have reasons to believe the problems are on Yahoo!’s side, rather than that of its users’. Spam sent from compromised accounts is notoriously hard to filter: the sender…

  • VB2013 speaker spotlight

    We speak to VB2013 presenters Lysa Myers and David Harley about their research interests and what they aim to bring to the conference. The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today’s most pertinent security-related topics. In the build-up to the event we will…
