November 19, 2012

NON-SECURITY: Definition of 'sale'?

I was doing some grocery shopping the other day and while in the beer isle I noticed a great 'deal'.


Sure would like to know what their definition of 'sale' is.  lolz

November 11, 2012

Windows 8 Runs 7-Year Old Malware (ouch)

One of the key points being marketed about Windows 8 is that it has much better security built into it than previous versions. I find it interesting that Microsoft will be releasing critical patches already.

Anyway, the fine folks at Bitdefender Labs decided to test Windows 8 against some malware and have posted the results. What they found is trully astonishing and I suspect Microsoft isn't going to be thrilled with it.

http://labs.bitdefender.com/2012/11/newest-windows-version-runs-oldest-malware-still-in-wildcore/

November 10, 2012

2008 Malware Challenge Revisited

My buddy Tyler Hudak has posted our a malware challenge contest that we ran in 2008.  We thought it would be a good idea to give those who haven't tried it an opportunity to do so.

Check out the challenge here at Security Shoggoth's blog:
http://secshoggoth.blogspot.com/2012/11/2008-malware-challenge.html#links

August 18, 2012

Wired writers digital life hacked...and wiped


A few weeks ago Wired magazine writer Mat Honan's digital life was completely erased.  The attacker was able to do this in only one hour.  The hack exposed some weaknesses in Apple and Amazon's password reset processes.  These holes have since been closed.

I feel bad for Mat, but this story serves as a good learning lesson in areas such as:
  • Password resent processes
  • Helpdesk personnel training
  • Connecting everything with one email account
  • Backing up your files
Articles:
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

Video by Matt:
http://www.wired.com/gadgetlab/2012/08/mat-honan-video/
 

July 5, 2012

Free Local Cleveland Security Event July 13th

Security B-Sides is coming to Cleveland again this year on July 13, 2012. One full day of interesting talks....for FREE! You don't want to miss it. Hurry, seating is limited!

Security B-Sides Cleveland When: Friday, July 13, 2012 Where: Embassy Suites Cleveland - Rockside Address: 5800 Rockside Woods Boulevard, Independence 44131 Cost: Free (as always!)

It is co-sponsored by the Northeast Ohio Information Security Forum (NEOISF.ORG).

Apple & Android Mobile Application Steals Phonebook

I thought I'd share with you a recent blog post from the good folks @ Kaspersky Labs spotlights a suspicious mobile application that they discovered.

The application is called "Find and Call" and is on the iOS Apple App Store and Android’s Google Play that performs malware-type behaviors. It appears to act like a trojan that uploads a user’s phonebook to remote server which results in your contacts receiving SMS spam.

Check out their blog post detailing what they found.

http://www.securelist.com/en/blog/208193641/Find_and_Call_Leak_and_Spam

April 25, 2012

Receive an email from Google? Your website might be hacked

As you know Google scans the websites on the Internet regularly. So it only makes sense that they are able to detect when sites have been hacked. Recently they have notified the webmasters of 20,000 websites where code on the sites redirect visitors to a malicious site. The code they look for in this latest scan is an eval() function used to execute Javascript.

The email provides a link to a page with instructions on how to clean the website: Google's Webmaster Tools support page.

I applaud Google's efforts and would like to see them continue this. A part of me, though, wonders how long until spammers start sending out fakes notices with link to their malicious site. Maybe they should just tell people to visit their search site and search for removing eval function from website -- I'm pretty sure they have the ability to redirect users to their fix page. ;)

This article talks about this item in further detail. http://www.h-online.com/security/news/item/Google-warns-the-operators-of-thousands-of-hacked-web-sites-1542374.html