Digital Underground podcast with Dennis Fisher

Dennis Fisher talks with Tyler Shields of Veracode about his BlackBerry spyware application, txsBBSPY, the coming wave of smartphone attacks and his lack of surprise about the Google Aurora attack.

digital_underground_47.mp3

A security researcher demonstrated a spyware program at the ShmooCon conference on Sunday that is capable of intercepting and recording text messages, emails, Web traffic and other data sent to and from BlackBerry devices.

This video demonstrates a proof-of-concept BlackBerry spyware package developed by Tyler Shields, one of Veracode's senior security researchers.

Digital Underground podcast with Dennis Fisher

Dennis Fisher talks with Paul Roberts of the 451 Group about the implications of the Aurora attack on Google and Adobe, the need for better understanding of advanced threats and what to expect at the RSA Conference.

digital_underground_46.mp3

The recent disclosure by Google, Adobe and other companies that their networks had been thoroughly compromised by attackers who may have been after their source code has prompted a tremendous amount of discourse both in the security community and in the general public about the political and commercial implications of the attacks. But the fact of the matter is that the attacks themselves were neither remotely unique nor particularly clever. And that is what should be worrying lawmakers, corporate security specialists and anyone else with some skin in the game.

The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online. Read the full story [New York Times].

The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity. Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack. Read the full article [Washington Post].

MOSCOW--The problem of attackers infecting legitimate Web sites with malware that then silently exploits vulnerabilities in users' browsers reached unprecedented levels in 2009, with 1 in every 150 legitimate sites serving up malware, experts say.

There are several flaws in the way that the iPhone handles digital certificates which could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones.

This video from the SANS Internet Storm Center explains how to detect and block IPv6 traffic in Linux.