Tag: vb2015
-
VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?
Google ‘s Android operating system may have a bit of a bad reputation when it comes to security, but it’s worth noting that recent versions of the operating system have been hardened a lot. In a paper presented at VB2015, Sophos researchers Rowland Yu and William Lee look at two recent security enhancements, Security Enhancements…
-
VB2015 paper: Sizing cybercrime: incidents and accidents, hints and allegations
How big is cybercrime? Various attempts have been made to measure the size of cybercrime around the world, or in individual countries, but how reliable are the methodologies used, and what do they actually measure? In the paper ” Sizing cybercrime: incidents and accidents, hints and allegations ” presented at VB2015 in Prague, ESET researcher…
-
VB2015 video: TurlaSat: The Fault in our Stars
Kurt Baumgartner talks about Turla’s extraplanetary activities. Despite the hype around the subject, the tools used by most so-called APT groups are surprisingly mundane. But there are exceptions. In September 2015, researchers at Kaspersky Lab published research on the Turla APT group (also known as Uroburos or Snake), which hijacked satellite Internet links for command…
-
Security vendors should embrace those hunting bugs in their products
Security software is software too — and it will have flaws. Last week, I was interviewed for the Risky Business podcast . I really enjoyed the experience, not just because I’ve long been a fan of the show, but also because we discussed a subject I really care about: the security of security products. If…
-
VB2015 paper: Effectively testing APT defences
Simon Edwards discusses how to test the potentially untestable. Like the term or loathe it, APTs have given rise to a new generation of security products that protect against these more targeted and sometimes more advanced threats. Often, such products come with bold claims about how they are able to fend off such threats in…
-
VB2015 paper: The ethics and perils of APT research: an unexpected transition into intelligence brokerage
Juan Andrés Guerrero-Saade discusses the perils and ethical conundrums that arise as the industry enters a new playing field. Many security researchers have been part of the security community for long enough to remember the days when the typical adversary was a 17-year-old teenager operating from their bedroom. These days, however, some of the adversaries…
-
VB2015 paper: Digital ‘Bian Lian’ (face changing): the Skeleton Key malware
Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers. A year ago, researchers from Dell SecureWorks discovered a new kind of malware, dubbed ‘Skeleton Key’, that was used in targeted attacks. The malware, which was installed on the target’s domain controller, allowed the attacker to login as any user and thus perform any number…
-
VB2015 video: Making a dent in Russian mobile banking phishing
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly theoretical threat to a very serious one that affects many users. Indeed, several talks at VB2015 dealt with various aspects of mobile security in general and that…
-
The Internet of Bad Things, Observed
In his VB2015 keynote address, Ross Anderson described attacks against EMV cards. The VB2015 opening keynote by Ross Anderson could hardly have been more timely. In his talk “The Internet of Bad Things, Observed”, the Cambridge professor looked at various attacks against the EMV standard for payment cards — attacks that have been used to…
-
VB2015 ‘Steganoprague’ competition
Use your steganography-detection skills and win a pile of books. As VB2015 is about to begin, we announce the second part of the ‘ Steganoprague ‘ competition. In this part, you will have to find URLs hidden by others inside an image provided by us. The puzzle can be played by anyone, but if you…