Tuesday, 23 February 2010

BLADE: Hacking Away at Drive-By Downloads

Source: Krebs on Security

Brian Krebs has a short piece on upcoming technology called BLADE, designed to specifically address the problem of drive-by downloads. The article includes some interesting data (in pie charts) on the kinds of things most widely exploited, and the most prevalent exploit kits.

Thursday, 4 February 2010

Climate Crime: Phishing Scam Cripples European Emissions Trading


Phishers have found a new target in their unending quest for a quick buck: greenhouse gas emissions allowances. I will refrain from further comment on the matter.

Researchers penetrate last bastion of Windows security

Source: The Register

Researchers have found an effective technique called "JIT-spray" to work around the protections offered by ASLR (address space layout randomisation) and DEP (data execution prevention), which give Windows Vista and 7 greater protection against malware than was offered by earlier versions. This is significant, because it means a range of known vulnerabilities which were specific to Windows XP are now likely to work against Windows Vista and 7 machines.

Report Details Hacks Targeting Google, Others

Source: Threat Level

Threat Level is running an interesting article on Advanced Persistent Threats (APT): targeted network attacks of the sort which Google disclosed recently. These stand in contrast to the rather more opportunistic threats posed by general malware and botnets. APT attackers intend to infiltrate a specific network and establish a foothold there, granting them unlimited access to documents and data hosted on the network. The practice is startlingly common, with a disproportionately large number of victims among companies which have dealings in or with China.