Back in 2007 I noticed (together with Fucs and Victor) that botnet creators had to solve a very important issue to keep controlling the infected computers: how to update the location of the controller? Until then they were including the controller location inside the bot code, so it was easy to find and identify it [...]
I have been away from the blog for a while for a series of reasons, but I couldn’t avoid commenting on this recently published advisory from Microsoft, MS08-067. Just as with some worms we witnessed in the past, this one is related to a core Windows service, meaning that almost all boxes are vulnerable. [...]
Now it’s MayDay. Among the things we predicted in our BH presentation:
– Using proxy-enabled HTTP
– Using ICMP and P2P
Almost all of our predictions came true during the last year. The scariest ones, however, still haven’t appeared. Let’s see what happens this year.
I’m having a good conversation about OTP/2FA for online banking on the cisspforum mailing list. Tim Bass and Martin Wehlou are incredibly good professionals and are adding valuable points to the subject. Martin posted (01/2007) on his blog a very good explanation of the problem that the banks are trying to solve with OTP solutions. He [...]
I’ve just read on the Symantec Security Response Weblog that they detected a trojan that behaves exactly like what I predicted a few years ago: it dynamically changes the content of wire-transfer transactions, defeating two-factor authentication mechanisms. It was also part of my Black Hat presentation last year. What will happen to the two-factor [...]
I was reading in the SANS ISC diary about mass compromises by SQL Injection. It seems to be something automated, maybe a botnet or even a worm. What kind of automated threat this is isn’t really what matters here. The most important fact here is that we are now seeing SQL Injection attacks being used by [...]
Since the WMF vulnerability in January 2006, client applications seemed to become the next target for malware and malicious attackers. I wrote about the evolution of threats and related vulnerabilities at that time. So, it’s not very surprising to see here and here that people are worried about vulnerabilities in software other than the [...]
I’ve just read this on Network World: “Botnet-controlled Trojan robbing online bank customers”. Well, take a look at my presentation at BH Europe this year (March). This was there, as well as the method being used by the malware from that article: “The Trojan has the ability to use a man-in-the-middle attack, a kind of [...]