Finding Executable Hijacking Opportunities: DLL Hijacking is nothing new and there are a number of ways to find the issue, but the best way I have found is a bit more forceful method using a network share. First we need a network share that we can 1. monitor every request failed or not, and 2. […]

Test ‘reveals Facebook, Twitter and Google snoop on emails’: Study of net giants spurs new privacy concerns: Facebook, Twitter and Google have been caught snooping on messages sent across their networks, new research claims, prompting campaigners to express concerns over privacy. The findings emerged from  an experiment conducted following revelations by US security contractor Edward […]

Windows 8 Picture Passwords Easily Cracked: It appears that picture gesture authentication (PGA) achieves only one of the two. Security researchers at Arizona State University and Delaware State University have found that Windows 8 picture passwords can be cracked with relative ease. In a paper presented at the Usenix Conference earlier this month, “On the […]

Modifying the HC: The HC-05, a Bluetooth to serial bridge, can be found for around $5 on the internet and therefore may be the cheapest way to add Bluetooth connectivity to your project. However, its default settings may need to be changed depending on your application. [Hazim] explains a way to enter the HC-05 AT […]

Anatomy of a killer bug: How just 5 characters can murder iPhone, Mac apps: Apple’s CoreText rendering system uses signed integers to pass around array indexes and string lengths. A negative length, -1, is passed unchecked to a library function which uses it as an unsigned long integer to set the bounds of an array. […]

‘Black budget’ summary details U.S. spy network’s successes, failures and objectives: The $52.6 billion “black budget” for fiscal 2013, obtained by The Washington Post from former ­intelligence contractor Edward Snowden, maps a bureaucratic and operational landscape that has never been subject to public scrutiny. Although the government has annually released its overall level of intelligence spending […]

Trendnet ruling heralds crackdown on insecure home webcams: A company whose home cameras were hacked, causing privacy intrusions for hundreds of people, has been admonished by the US Federal Trade Commission. The FTC scolded manufacturer Trendnet for the weaknesses that meant supposedly private video feeds were in fact viewable by anyone online. The company is now […]

The most sophisticated Android Trojan: Recently, an Android application came to us for analysis. At a glance, we knew this one was special. All strings in the DEX file were encrypted, and the code was obfuscated. The file turned out to be a multi-functional Trojan, capable of the following: sending SMS to premium-rate numbers; downloading […]

Obad.a Trojan now being distributed via mobile botnets : The most interesting of these methods were the ones where Obad.a was distributed along with another mobile Trojan – SMS.AndroidOS.Opfake.a. This was recently described in the blog GCM in malicious attachments.  The double infection attempt starts when a user gets a text message containing the following […]

A Russian Botnet Is Attacking The Secret Internet For Criminals — And No One Knows Why : Tor, the anonymous, encrypted, parallel web network favored by drug dealers, pedophiles, and privacy activists, is under attack from a Russian botnet and no one knows why. A huge uptick in traffic was noticed on Tor in the last […]