Blog Posts Tagged with "Analysis"


Oracle Security Alert Analysis

August 19, 2012 Added by: Alexander Rothacker

So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on the DBMS_STATS package...


Yahoo and Billabong Password Dumps Analyzed

July 19, 2012 Added by: Dan Dieterle

Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...


Static Analysis: Hopper’s Decompiler Feature

June 22, 2012 Added by: Fergal Glynn

After reading this tutorial, hopefully binaries will appear less inscrutable and magical, and you will understand why reverse engineers laugh in the face of programmers who think no one will understand their awesome secret algorithm without the source code. Don’t count on “but it’s compiled” as a security feature...


Misunderstanding Trust

June 20, 2012 Added by: Kevin W. Wall

I thought that most of the properties of trust were obvious, but was surprised to see someone in security quote a Microsoft software developer that “trust is not transitive”. Apparently there are still software and security engineers who misunderstand trust. I will attempt to clear up this misunderstanding...


Counterpoint to F-Secure: Flame is Still Lame

June 18, 2012 Added by: J. Oquendo

I would like to believe that most governments have enough of a clue to avoid walking into a house like a Ninja only to bubble wrap their feet. History has shown us that they do. Does this make them innocent with regards to Flame or Stuxnet? Not really, but it yields more questions that don't quite add up...


Analysis of Passwords Dumped from LinkedIn

June 11, 2012 Added by: Dan Dieterle

People put a lot of personal information on LinkedIn - their education and job experience, along with the groups that they belong to - a treasure trove of information to Social Engineers. Of all the online social sites, LinkedIn users should really choose a long complex password to secure their account...


Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by: Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...


Symantec Flame Analysis: A Sophisticated and Discreet Threat

May 30, 2012 Added by: Headlines

"The modular nature of this malware suggests that a group of developers have created it with the goal of maintaining the project over a long period of time; very likely along with a different set of individuals using the malware. The architecture... allows the authors to change functionality and behavior"...


Kaspersky's Problematic Flame Analysis

May 29, 2012 Added by: Jeffrey Carr

I'm beginning to wonder what's going on over at Kaspersky Labs. Kaspersky Labs has called a virus whose only purpose is to steal data a "cyber weapon". Come on, guys. Espionage is not warfare and never has been. Hence a tool created solely to conduct cyber espionage cannot also be legitimately called a cyber weapon...


ISO 22301 and BS 25999-2: Similarities and Differences Infographic

May 29, 2012 Added by: Dejan Kosutic

A new business continuity standard (ISO 22301) was published very recently, so in this infographic you'll find a comparison of this new standard with the old BS 25999-2 standard plus ways you can learn more about ISO 22301...


Root Cause Analysis (RCA): A Critical Skill

May 24, 2012 Added by: Rafal Los

Recently at TakeDownCon I brought up a term during my offense keynote that I thought the audience would, and should, be familiar with. Unfortunately, when I asked who was familiar with Root Cause Analysis only a few hands out of the whole room went up. This was a bit distressing...


New Study Published on Mobile Malware

May 23, 2012 Added by: Beau Woods

Two malware families show that authors have incorporated many sophisticated features to help circumvent detection and frustrate researchers attempting to study the samples, among other things. And their analysis showed that mobile malware is rapidly maturing...


Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by: Fergal Glynn

Information leakage happens when sensitive information is displayed to a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...


OS X Flashback Botnet Analysis from Symantec

May 17, 2012 Added by: Headlines

"Utilizing less than 2% of the entire botnet the attackers were able to generate $14,000 in three weeks, meaning that if the attackers were able to use the entire botnet, they could potentially have earned millions of dollars a year..."


Logging: Opening Pandora's Box - Part 3 - Paralysis

May 17, 2012 Added by: Rafal Los

Paralysis can come from over-dependence on analysis. You've heard the term "analysis paralysis" where someone spends so much time trying to make the perfect decision while factors change that ultimately no decision is made before the deadline passes or some event happens...


IC3: 2011 Internet Crime Report

May 15, 2012 Added by: Plagiarist Paganini

IC3 represents a perfect example of how technological services could help in the prevention and analysis of criminal activities, and highlights that the real weapon against Internet crime is awareness and information sharing...
