Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Will 2011 Be the Year of Mobile Malware?

Orome1 Re:Nope (111 comments)

I know :) but I just had to comment anyway :)

more than 3 years ago
top

Will 2011 Be the Year of Mobile Malware?

Orome1 Nope (111 comments)

No, it won't.

more than 3 years ago

Submissions

top

Hijacking Ships and Planes with Cheap GPS Spoofers

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "After demonstrating a successful GPS spoofing attack against a drone (UAV — unmanned aerial vehicle) last June, Cockrell School of Engineering Assistant Professor Todd Humphreys and his student research team have now proved that a GPS flaw and a few relatively cheap tools can be used to hijacks both ships and planes. With a laptop, an antenna, and a custom GPS spoofer that cost only $3,000 to build, the team managed to create a false GPS signal that the crew unknowingly accepted as the correct one and used it for navigation, and this resulted in the ship veering way off the original course. In the meantime, The Economist has published a timely and interesting piece about GPS jamming, which supports Humphreys' claims about how simple and trivial is to disrupt the workings of satellite positioning systems."
top

Cisco to Acquire Sourcefire for $2.7 Billion

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "Cisco will acquire Sourcefire, a provider of intelligent cybersecurity solutions. Under the terms of the agreement, Cisco will pay $76 per share in cash in exchange for each share of Sourcefire and assume outstanding equity awards for an aggregate purchase price of approximately $2.7 billion, including retention-based incentives. The acquisition has been approved by the board of directors of each company. Once the transaction closes, Cisco will include Sourcefire into its guidance going forward. Prior to the close, Cisco and Sourcefire will continue to operate as separate companies."
top

Study Connects Cybercrime to Job Loss

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "After years of guesswork and innumerable attempts to quantify the costly effects of cybercrime on the U.S. and world economies, McAfee engaged the Center for Strategic and International Studies to build an economic model and methodology to accurately estimate these losses, which can be extended worldwide. The report posits a $100 billion annual loss to the U.S. economy and as many as 508,000 U.S. jobs lost as a result of malicious cyber activity. To help measure the real loss from cyber attacks, CSIS enlisted economists, intellectual property experts and security researchers to develop the report. The general accepted range for cybercrime launch was between $100 billion and $500 billion to the global economy."
top

Dissecting Operation Troy: Cyberespionage in South Korea

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "While reports on the Dark Seoul and cyberattacks against South Korea have been rampant, no one has yet discovered the true mission behind the attacks. Research conducted by the McAfee Labs teams show a much greater breadth to these attacks, how they operate and how they evade defenses. This is the first time a connection between a series of cyber-events has been discovered."
top

Serious Vulnerabilities in OpenX Expose Millions to Risk

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system."
Link to Original Source
top

2.5 Million Californians Had Personal Info Compromised

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "Attorney General Kamala D. Harris released the first report detailing the 131 data breaches reported to her office in 2012, showing that 2.5 million Californians had personal information put at risk through an electronic data breach. The average (mean) breach incident involved the information of 22,500 individuals. The median breach size was 2,500 affected individuals, with five breaches of 100,000 or more individuals’ personal information. More than half of the breaches (55 percent) were the result of intentional intrusions by outsiders or by unauthorized insiders. The other 45 percent were largely the result of failures to adopt or carry out appropriate security measures."
top

Cybercrime Market Is All About Cybercrime-as-a-Service

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "The cybercrime market is constantly evolving, and it is currently full of knowledgeable individuals who have focused on their core competencies to offer services to those who have not the skills, patience or time to make what they want or need for their criminal exploits. Research-as-a-Service offerings are more gray market than black. The offers are made by commercial companies that find and sell zero-day vulnerabilities to buyers of their choosing (often governments), and by brokers who help vulnerability sellers to get as much money as possible for their knowledge, and help buyers to remain anonymous and acquire information about vulnerabilities they might not otherwise be able to get their hands on. Prices range from $5,000 and more for Adobe Reader zero day vulnerabilities, to $100,000 or even $250,000 for iOS ones."
top

It takes 10 hours to identify a security breach

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "Businesses are vulnerable to security breaches due to their inability to properly analyze or store big data, according to McAfee. The ability to detect data breaches within minutes is critical in preventing data loss, yet only 35 percent of firms stated that they have the ability to do this. In fact, more than a fifth (22 percent) said they would need a day to identify a breach, and five percent said this process would take up to a week. On average, organizations reported that it takes 10 hours for a security breach to be recognized. The study of 855 incidents showed that 63 percent took weeks or months to be discovered. The data was taken from these organizations within seconds or minutes in almost half (46 percent) of the cases."
top

Changes to the Java Security Model

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In the past Oracle has suggested that all websites switch to signed applets, advice that contradicts recommendations by security experts, because signing an applet would also confer privileges to escape the sandbox. In fact, signed applets are the original method of escaping the Java sandbox, and have been abused by both attackers and security auditors for the last decade. Metasploit has a module specifically for this purpose. Oracle is changing this model so that signing an applet no longer confers sandbox escape privileges. This is a good thing for security."
top

McAfee to Acquire Stonesoft

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "McAfee and Stonesoft today announced a definitive agreement to initiate a conditional tender offer for the acquisition of Stonesoft for approximately $389 million in cash. Stonesoft delivers software-based cyber security solutions to secure information flow and security management. Stonesoft’s product portfolio of next-generation firewalls, evasion prevention systems, and SSL VPN solutions addresses businesses of all sizes."
top

Multi-Stage Exploit Attacks for More Effective Malware Delivery

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage. In the cybercrime world, the de-coupling of the first stage from the payload is designed to make sure that an exploit kit is as generic as possible and can deliver all possible payloads, provided that the payloads only need native execution. Trusteer found that a Java exploit kit called ‘g01pack’ has added another ‘mid-course’ stage, turning the infection process into a multi-stage attack. The first stage of the attack, the exploit shellcode, executes a second stage, in which a Java class runs in a separate Java process. This second Java process then downloads and runs the final payload. We believe this discovery represents the first instance of an exploit kit delivering its payload via a multi-stage attack."
Link to Original Source
top

Serious website vulnerabilities continue to decrease

Orome1 Orome1 writes  |  about a year ago

Orome1 (1901578) writes "In 2012, the average number of serious vulnerabilities per website continued to decline. Despite this, 86 percent of all websites tested were found to have at least one serious vulnerability exposed to attack every single day of 2012. With the exception of sites in the IT and energy sectors, all industries found fewer vulnerabilities in 2012 than in past years. Government websites had the fewest serious vulnerabilities with eight detected on average per website, followed by banking websites with 11 on average per website."
Link to Original Source
top

Data Thieves and Their Motives

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "Large-scale financial cybercrime and state-affiliated espionage dominated the security landscape in 2012, according to a new Verizon Business report. The proportion of incidents involving hacktivists — who act out of ideological motivations or even just for fun — held steady; but the amount of data stolen decreased, as many hacktivists shifted to other methods such as DDoS attacks. These attacks, aimed at paralyzing or disrupting systems, also have significant costs because they impair business and operations. External attacks remain largely responsible for data breaches, with 92 percent of them attributable to outsiders and 14 percent committed by insiders. This category includes organized crime, activist groups, former employees, lone hackers and even organizations sponsored by foreign governments."
top

Mobile Malware Up 163%

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "Mobile malware threats increased 163% to more than 65,000 in 2012, according to NQ Mobile. The problem is becoming more complex as smarter mobile malware can better target connected devices. Nearly 95 percent of all mobile malware discovered in 2012 targeted Android. The top three methods for delivering malware in 2012 were app repackaging, malicious URLs, and smishing. Tthese forms of malware helped infect an estimated 32.8 million Android devices in 2012 — an increase of over 200 percent from 2011."
top

Most IT Admins Considering Quitting Due to Stress

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "The number of IT professionals considering leaving their job due to workplace stress has jumped from 69% last year to 73%. One-third of those surveyed cited dealing with managers as their most stressful job requirement, particularly for IT staff in larger organisations, while handling end user support requests, budget squeeze and tight deadlines were also singled out as the main causes of workplace stress for IT managers. Although users are not causing IT staff as much stress as they used to, it isn’t stopping them from creating moments that make IT admins want to tear their hair out in frustration. Of great concern is the impact that work stress is having on health and relationships. While a total of 80% of participants revealed that their job had negatively impacted their personal life in some way, the survey discovered some significant personal impact: 18% have suffered stress-related health issues due to their work, and 28% have lost sleep due to work."
Link to Original Source
top

Kickstart a Documentary About Hackers in Uganda

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "Hackers For Charity (HFC) is a non-profit that provides food, equipment and computer education to the world's poorest citizens. Their aim is to teach people IT skills they can use to support themselves and their families. While HFC is admired in hacker circles and has volunteers worldwide, their efforts are not widely-know. But the good news is that a Kickstarter project has been launched to change this by filming a documentary showcasing their work in Uganda. The documentary will showcase the implications of international humanitarian aid in the non-Western world and illustrate the obstacles and triumphs HFC staff members deal with on a daily basis. The filmmakers will also focus on teachers and a few students, who will be followed in both their student and private lives."
Link to Original Source
top

On US, China, Cyber Espionage, and Cyber War

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "The U.S. government, politicians, intelligence community, military and private sector companies are, most often than not, blaming Chinese hackers for every breach and compromise — whether they have indications that their claims might be true, or simply because they have been conditioned to point the finger that way. The publishing of Mandiant's APT1 report offered a welcome confirmation of their beliefs, and has definitely signaled a change: the accusations now have a formal leg to stand on — despite it still being shaky, and the fact that China continues to refute the charges laid at its door."
Link to Original Source
top

Critical Samsung Android Phone Vulnerabilities

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "Tired of waiting for Samsung to fix a string of critical flaws in their smartphones running Android, Italian security researcher Roberto Paleari has decided to inform the public about the seriousness of the matter and maybe make the company pick up the pace. Mindful of the danger that the vulnerabilities present to the users if they are exploited by malicious individuals, he decided not to share any technical details, but to just give a broad overview of what their misuse would allow. This includes a silent installation of highly-privileged applications with no user interaction and an app performing almost any action on the victim's phone."
Link to Original Source
top

Becoming a Malware Analyst

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "Have you ever wondered how malware analysts start their career? What lead them to it? What their job entails on a daily basis? What qualities, skills and tools they consider essential? If you're considering a future in malware research, this article might just tip you towards it, as malware analysts from Symantec, Kaspersky Lab, McAfee, Avast, Bitdefender and Fortinet share their experiences and thoughts, and point you towards the dos and don'ts of being and becoming successful in this rewarding profession."
Link to Original Source
top

99 Percent of Web Apps Vulnerable to Attack

Orome1 Orome1 writes  |  about a year and a half ago

Orome1 (1901578) writes "A new Cenzic report demonstrates that the overwhelming presence of web application vulnerabilities remains a constant problem, with an astounding 99 percent of applications tested revealing security risks, while additionally shedding light on pressing vulnerabilities within mobile application security. The exposure that organizations face from the trove of existing application vulnerabilities and from evolving threats has been laid bare this year, however most organizations have not comprehensively acted to defend themselves from these application level threats. This trend continues to get worse; as the rush to create a multitude of connected mobile apps has led corporations to essentially rip out walls and replace them with unlocked doors, leaving them even less aware of how to secure at scale."
Link to Original Source

Journals

Orome1 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?