Videos

Threatpost editor Dennis Fisher and Kaspersky Lab's Costin Raiu discuss the timing of the Duqu attacks, how that may hint at the identities of its creator and what other mysteries about the worm remain. Read more »

A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog. Read more »

The security of Android devices has come under quite a lot of scrutiny in recent months, with researchers identifying various root exploits and permission leaks that could be exploited. In this video, researcher Thomas Cannon of ViaForensics demonstrates a method for setting up a remote shell on an Android device without using any exploits or vulnerabilities. The method works on various versions of Android, up to and including Gingerbread. Read more »

Security researcher Trevor Eckhart discovered that many Android devices come pre-loaded with a piece of software made by Carrier IQ. In this video, he demonstrates how the software works and what it's capable of monitoring. It's since been revealed that versions of the app may have been on other devices, but likely don't log users' actions but provide analytical information for the carriers.

Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way that the bug works. Apple has now pulled the app from the store.

Spam has been a scourge on the Internet for more than 15 years now, and many plans and technologies have emerged to try and fight it. Some have worked well, others have failed miserably. In this video, MIchael Kaplan presents a proposal for authenticating every mail transfer agent on the Web as a way of identifying all spam messages. Read more »

The TED talks have long been famous for introducing a wide (albeit wired) audience to The Next Big Thing, whether it was Jeff Hann at NYU demonstrating the Minority Report-style touch-sensitive user interfaces in 2006 - years before the iPhone hit the market - or MIT's David Merrill's demonstration of stackable mini computers called Siftables. (OK - we're not sure yet what the heck you can use those for.) Read more »

Botnets have been a problem for more than a decade now, but in recent years they've become a serious security threat, delivering exploit kits, malware and mass Web site injections. In this video, Jose Nazario of Arbor Networks discusses the current botnet landscape and the adoption of new modular functionality in some bot families. Read more »

The inherent problems with the certificate authority infrastructure have been known for a long time, but they've become even more obvious with the news of the recent compromise of DigiNotar, which resulted in the issuance of a slew of fraudulent SSL certificates. In this talk from the Black Hat USA conference earlier this month, Moxie Marlinspike discusses the issues with CAs and his suggestion to replace the whole infrastructure. Read more »

In this video, via Kaspersky's Lab Matters, Ryan Naraine and Seculert's Aviv Raff discuss the evolution of exploit kits and the recent merger of Spyeye and Zeus. Read more »