Swedish Police Opens Criminal Complaint File ahead of Wednesday’s Obama Visit to Sweden: Julian Assange’s lawyer Per E. Samuelson confirmed that Swedish police opened a criminal complaint file at 11.35 under case number 0201 K 268906-13. The complaint was delivered to Arlanda police at 09:24 this morning. This is the first of four criminal complaints […]

Has Facebook violated its 2011 Federal Trade Commission settlement?: The top six privacy organisations in the US – the Electronic Privacy Information Center, Center for Digital Democracy, Consumer Watchdog, Patient Privacy Rights, U.S. PIRG, and the Privacy Rights Clearinghouse – sent a joint letter to politicians and regulators on Wednesday asking for some of Facebook’s […]

Clear next Tues: Incoming Outlook, IE, Windows critical security patches • The Register: Microsoft will squash 14 sets of security vulnerabilities – four of which are deemed critical – in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server […]

CVE-2013-1763 sock_diag_handlers Local Root Exploit Analysis: In this article we will analyze the exploit released by Kacper Szczesniak for CVE -2013-1763. In simple terms this exploit takes advantage of a vulnerability at kernel-level of the array sock_diag_handlers, and allows a local user to gain privileges of “root” on the system. Before starting the analysis, however, the underlying […]

Quick Volatility overview and R.E. analysis of Win32.Chebri: In this article we will start from the physical memory dump of a machine suspected of malware compromise, successively with volatility we will establish if the machine is infected and produce evidences from memory artifacts. In the next steps the malicious component will be carved from memory […]

A Few Thoughts on Cryptographic Engineering: On the NSA: If you haven’t read the NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include: Tampering with national standards (NIST is specifically mentioned) to promote […]

Mitigating Targeted Attacks on Your Organization: Almost every CISO or executive with security related responsibilities that I have talked to over the past couple of years has expressed interest in learning how to improve their security posture to better mitigate the risks posed by “APT” (Advanced Persistent Threats) style attacks.  At Microsoft we don’t use […]

History of memory corruption vulnerabilities and exploits: I came across a great paper, “Memory Errors: The Past, the Present, and the Future” by van der Veen et al. The authors cover the history of memory corruption errors as well as exploitation and countermeasures. I think there are a number of interesting conclusions to draw from […]

Study finds online privacy concerns on the rise: Lynn Boyden, a college professor in Los Angeles who teaches website design, says she has developed two identities online: a public one for her professional life and a private one that only a few close friends can access. She tries to block advertising trackers when she can […]

Women Sell Positive Pregnancy Tests on Craigslist: Pregnant women across the country have taken to Craigslist to sell positive pregnancy tests for about $25 a pop.Some ads suggest buyers use the tests to finally get longtime boyfriends to propose. Others suggest pranking mom and dad. And one even suggests asking for money for an abortion […]