Blog Posts Tagged with "Analysis"


Symantec Reverse Engineers OS X Flashback Malware

May 14, 2012 Added by: Headlines

Symantec researchers reverse engineered components of the Flashback malware that recently infected more than 600,000 Mac systems and reveal that it was designed in part as a highly profitable ad-clicking operation that could net the Trojan's creators $10,000 per day...

Comments  (0)


Logging: Opening Pandora's Box - Part 2 - Elation

May 10, 2012 Added by: Rafal Los

Once you get over the anxiety of logging, a wave of elation generally hits. Whether you're getting excited about being able to catch evil-doers in the act, or the capability to notice system failures before they happen, logging can save your skin more than you'd think...

Comments  (0)


Logging: Opening Pandora's Box - Part 1 - Anxiety

May 09, 2012 Added by: Rafal Los

You're probably worried that log analysis is going to consume all of your time, or you'll find out that your organization has been pwn3d for years and all your data has been exfiltrated in real-time and your latest database is being copied off to China... aren't you?

Comments  (0)


Security: Is it Who or What That is Important?

May 04, 2012 Added by: PCI Guru

There is a very active discussion going on in security circles about understanding adversaries and how that impacts security strategy. I have taken a contrarian position in this argument and have stated that, in the scheme of things, I do not believe that you need to waste time understanding your enemy...

Comments  (6)


OpenX CSRF Vulnerability Being Actively Exploited

April 30, 2012 Added by: Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Comments  (2)


Making an Intelligent, Defensible Trust Valuation

April 23, 2012 Added by: Rafal Los

Is trust a binary decision? Can you trust something to varying levels? These are important questions for any security professional to have good answers to. Applying this logic to computing - can we ever really trust any computer environment, system, or application?

Comments  (0)


Adobe Releases Open Source Malware Analyzer Tool

April 03, 2012 Added by: Headlines

"Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for 'clean,' 1 for 'malicious,' or 'UNKNOWN.' The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers..."

Comments  (0)


It’s Data Breach Report Season: Beware Of Partial Truths

April 01, 2012 Added by: Josh Shaul

At the end of the day, these reports are important. They provide much needed insight into at least some data breaches. But we have to accept that this isn't the U.S. Census. We must learn what we can from them without becoming hypnotized by the hype that can surround them...

Comments  (1)


Vendor Research: Look These Gift Horses in the Mouth

March 29, 2012 Added by: Jack Daniel

The problem is that a lot of the data leaves me wanting more. More details on the data we get, just plain “more data”, and more context. I also want more honesty about the shortcomings of the reports and data. Let’s not even talk about some of the bizarre conclusions...

Comments  (0)


Vulnerability Remediation: No More Traffic Signals

March 22, 2012 Added by: Ed Bellis

When you dig into the issue of prioritization it can be complex. Adding to the complexity, factors are often different from organization to organization. I am all for breaking things down to their simplest parts by obfuscating the complex factors, not by eliminating them...

Comments  (2)


In Fifty Gigabytes, Turn Left: Data-Driven Security

March 08, 2012 Added by: Wendy Nather

If you break security events down, you're generally looking for two things: normal activities that are being done by the wrong people, or abnormal activities being done by the right people. And by people I also mean systems, but it's sometimes hard to tell the difference...

Comments  (0)


MS08_068 + MS10_046 = FUN UNTIL 2018

March 06, 2012 Added by: Rob Fuller

If you are on an internal penetration test and either exploit a machine or find an open share, you can create an LNK file with an icon that points at a nonexistent share on your attacking machine's IP...

Comments  (0)


Leveraging Email Lists for Detecting Botnet IPs

March 04, 2012 Added by: Gianluca Stringhini

We propose a third way of performing botnet mitigation. Instead of learning different features to identify and attack the different botnets, we study how bots behave when sending spam, allowing us to distinguish between bot-infected machines and legitimate users...

Comments  (0)


Log Management: Debugging Security

February 18, 2012 Added by: Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)


AdiOS: Say Goodbye to Nosy iPhone Apps

February 16, 2012 Added by: Fergal Glynn

I put together a free utility called AdiOS (Addressbook Detector for iOS) that lets Mac users scan the iOS apps in your iTunes directory to see if they have the potential to dump your phone book externally. AdiOS detects apps that access your address book using a binary grep...

Comments  (0)


Remember, Security Predictions Make...

February 15, 2012 Added by: Wendy Nather

Security predictions can be a great way of starting conversations if you look at them the right way. If you look at them the wrong way, they're great for raising a huge chorus of "Nuh-UH!" or even "You're kidding, right? Call the coroner..."

Comments  (0)
