
  • German anti-botnet advisory recommends the use of ad blockers for security

    ‘If websites want to include ads, they must make sure they are secure.’ In an open letter to several prominent German websites, Botfrei, the German anti-botnet advisory centre, has defended its advice to users to run advertisement-blocking tools. In the letter (published in German here), Botfrei’s Thorsten Kraft says he understands the…

  • Commoditization increasingly seen in mobile malware

    Number of malicious samples and families increases, as Android remains most popular mobile platform. As the number of mobile malware samples in existence continues to grow faster than ever, the mobile threat landscape is looking more and more like that of Windows. Five years ago, a poll of visitors to this website found that…

  • Program turns anti-analysis tools against the malware

    Users cautioned to be wary of a false sense of security. Could you defeat VM-aware malware by making your system aware of VM-aware malware? Tricks to frustrate researchers and make automatic analysis more difficult are a common feature of today’s malware. One such trick is to make the malware ‘VM-aware’: it won’t run if it…

  • Microsoft ‘found to make requests’ to URLs shared via Skype

    HEAD requests likely used to determine landing page. Is Microsoft checking all the links you share via Skype? German online magazine Heise thinks so. A reader of security magazine Heise discovered that all URLs sent via Skype chat received a request from an IP address that was registered with Microsoft (which bought Skype in…

  • Twitter, Facebook accounts used in watering hole campaign

    USAID sympathizers targeted with links from ‘like-minded people’. Two social networking accounts have been discovered that were used in a recent targeted attack. Opinions on social networking vary, but there are many users who allow apparently like-minded people – that they may otherwise never have come across – to connect with them. Unfortunately, as blogger…

  • Microsoft offers fix-it for IE 8 zero-day

    CVE-2013-1347 used in watering hole attacks. Following this weekend’s discovery of a new zero-day vulnerability in version 8 of Microsoft’s Internet Explorer browser, the company has released a ‘fix-it’ that addresses the known attack vectors. Last week (ironically on Labour Day), researchers at AlienVault discovered that the website of the US Department of Labor…

  • Vulnerabilities could trigger payload in emails upon receiving or opening

    Flaws in IBM Notes and Exim/Dovecot easy to mitigate. Two recently discovered vulnerabilities in mail processing software could give an attacker access to a targeted system without the need for any links to be clicked or attachments to be opened. When email security experts talk about “malicious emails”, they usually mean emails with malware attached,…

  • Opposition activists in Asia and Africa targeted by spyware developed by Western companies

    Mozilla angry about use of its brand and logo. A new report has been released on the commercialization of digital spying, which thoroughly analyses a number of pieces of spyware developed by Western companies and used to target opposition activists in various countries in Africa and Asia. CitizenLab, a research institute linked to the…

  • WordPress pingback used for DDoS attacks

    Millions of sites could potentially be used in attack. Security firm Incapsula reports that it has discovered a DDoS attack on a gaming website using thousands of legitimate WordPress blogs without the need for them to be compromised. Today’s most common method for DDoS attacks uses DNS amplification (also known as ‘DNS reflection’): a DNS…

  • VB100 XP comparative features new speed vs. detection graph

    At-a-glance chart shows both detection rates and impact on system performance. The results of the latest VB100 comparative review were released recently, covering 40 products on Windows XP – possibly our last visit to the platform, given its apparently fast-approaching end-of-life. As usual, it was a pretty epic undertaking for our small team, with all…
