Trusted research on email, mobile, web, and DNS security.
Starting on October 28, we saw a new hook used to try and trick users into installing a Trojan on their computer – Free Pizza. Fans of Robert Heinlein will be familiar with the acronym TANSTAAFL – There Ain’t No Such Thing As A Free Lunch. In this case TANSTAAFPE – There Ain’t No Such […]
Abuse of global DNS infrastructure for the purpose of distributed denial-of-service (DDoS) attacks on various Internet services has been a hot topic in the news for some time now. But there is another unintended use of DNS that can be exploited for a wide range of purposes: DNS tunneling. These purposes can range from benign […]
Shellshock has been getting a lot of press as the worst security bug ever, but while it is terribly embarrassing for the open source movement, I believe the real world impact will be fairly limited. The bug is a fundamental flaw in bash, the command line interface on most Linux and Mac machines. (For once […]
The risk posed by vulnerable home internet routers was a common theme at this year’s Black Hat and DEF CON conferences. These devices are becoming notorious for having security vulnerabilities, which often go unpatched. The SOHOpelessly Broken contest at DEF CON provided a dramatic demonstration of these flaws, as contestants attacked consumer-grade routers and quickly broke into them. But […]
Just in time for the Black Hat convention, the New York Times is reporting the discovery by Hold Security that a team of Russian Hackers have collected a total of 1.2 billion user names and passwords from 420,000 different websites, along with 542 million email addresses. Although this dwarfs the Target breach in sheer volume, […]
Just when the plague of hacked web servers seemed to be dying down a little, we hear of a new exploit for Joomla. While we haven’t seen this exploit being used by spammers yet, it will likely turn up in coming weeks. In the meantime, there are already two easy exploits in Joomla 1.5 that […]
