Blog Posts Tagged with "Analysis"

B451da363bb08b9a81ceadbadb5133ef

Oracle Security Alert Analysis

August 19, 2012 Added by:Alexander Rothacker

So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Yahoo and Billabong Password Dumps Analyzed

July 19, 2012 Added by:Dan Dieterle

Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Static Analysis: Hopper’s Decompiler Feature

June 22, 2012 Added by:Fergal Glynn

After reading this tutorial, hopefully binaries will appear less inscrutable and magical, and you will understand why reverse engineers laugh in the face of programmers who think no one will understand their awesome secret algorithm without the source code. Don’t count on “but it’s compiled” as a security feature...

Comments  (0)

B35ca22fce3b7eb394e8f5f0094f495f

Misunderstanding Trust

June 20, 2012 Added by:Kevin W. Wall

I thought that most of the properties of trust were obvious, but was surprised to see someone in security quote a Microsoft software developer that “trust is not transitive”. Apparently there are still software and security engineers who misunderstand trust. I will attempt to clear up this misunderstanding...

Comments  (2)

850c7a8a30fa40cf01a9db756b49155a

Counterpoint to F-Secure: Flame is Still Lame

June 18, 2012 Added by:J. Oquendo

I would like to believe that most governments have enough of a clue to avoid walking into a house like a Ninja only to bubble wrap their feet. History has shown us that they do. Does this make them innocent with regards to Flame or Stuxnet, not really, but yields more questions that don't quite add up...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Analysis of Passwords Dumped from LinkedIn

June 11, 2012 Added by:Dan Dieterle

People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by:Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec Flame Analysis: A Sophisticated and Discreet Threat

May 30, 2012 Added by:Headlines

"The modular nature of this malware suggests that a group of developers have created it with the goal of maintaining the project over a long period of time; very likely along with a different set of individuals using the malware. The architecture... allows the authors to change functionality and behavior"...

Comments  (0)

296634767383f056e82787fcb3b94864

Kaspersky's Problematic Flame Analysis

May 29, 2012 Added by:Jeffrey Carr

I'm beginning to wonder what's going on over at Kaspersky Labs. Kaspersky Labs has called a virus whose only purpose is to steal data a "cyber weapon". Come on, guys. Espionage is not warfare and never has been. Hence a tool created solely to conduct cyber espionage cannot also be legitimately called a cyber weapon...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

ISO 22301 and BS 25999-2: Similarities and Differences Infographic

May 29, 2012 Added by:Dejan Kosutic

A new business continuity standard (ISO 22301) was published very recently, so in this infographic you'll find a comparison of this new standard with the old BS 25999-2 standard plus ways you can learn more about ISO 22301...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Root Cause Analysis (RCA): A Critical Skill

May 24, 2012 Added by:Rafal Los

Recently at TakeDownCon I brought up a term during my offense keynote that I thought the audience would, and should, be familiar with. Unfortunately, when I asked who was familiar with Root Cause Analysis only a few hands out of the whole room went up. This was a bit distressing...

Comments  (0)

B9d9352326e5421a02e698a51d10ad2c

New Study Published on Mobile Malware

May 23, 2012 Added by:Beau Woods

Two malware families show that authors have incorporated many sophisticated features to help circumvent detection and frustrate researchers attempting to study the samples, among other things. And their analysis showed that mobile malware is rapidly maturing...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by:Fergal Glynn

Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

OS X Flashback Botnet Analysis from Symantec

May 17, 2012 Added by:Headlines

"Utilizing less than 2% of the entire botnet the attackers were able to generate $14,000 in three weeks, meaning that if the attackers were able to use the entire botnet, they could potentially have earned millions of dollars a year..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Logging: Opening Pandora's Box - Part 3 - Paralysis

May 17, 2012 Added by:Rafal Los

Paralysis can come from over-dependence on analysis. You've heard the term "analysis paralysis" where someone spends so much time trying to make the perfect decision while factors change that ultimately no decision is made before the deadline passes or some event happens...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

IC3: 2011 Internet Crime Report

May 15, 2012 Added by:Pierluigi Paganini

IC3 represents a perfect example of how technological services could help in the prevention and analysis of criminal activities, and highlights that the real weapon against Internet crime is awareness and information sharing...

Comments  (0)

Page « < 1 - 2 - 3 - 4 > »