About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
The scareware and rogue AV problem that initially appeared a few years ago and has since found its way onto thousands and thousands of legitimate Web sites, including The New York Times home page, has now reached epidemic levels. The scams are mostly boilerplate and well-understood, but it’s not often that we get to take a peek behind the curtain and see the inner workings of the schemes. Here’s just such a chance.
The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on users’ phones as well.
This week was one of the ones that my colleague Ryan Naraine often refers to as a Patchapalooza, with each day bringing a new set of fixes for Firefox, Opera, the iPhone or some other device or application. And it didn’t even include Microsoft or Adobe. Go figure. The week also included the revelation of a major flaw in Firefox and the approval of a new cybersecurity bill in Washington. Read on for the full week in review.
Adobe on Tuesday will release the patches for the critical authplay.dll vulnerability in Reader and Acrobat that was disclosed earlier this month. The company already has issued a patch for the same flaw in Flash.
As the events of recent weeks have shown, there is no better way to start a dumpster fire of an argument among a group of security people than to bring up the hideous, threadbare topic of full disclosure. No one is ambivalent about it; everyone has an opinion, and usually a strong one. But what’s become increasingly clear of late is that, in the era of sophisticated, highly targeted attacks, it just doesn’t matter.
A prominent security researcher has identified a problem with the way that Mozilla Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser’s address bar.
Researchers have identified a bug in the way that some third-party VPN services use the PPTP protocol over IPv6, a problem that enables eavesdroppers to unmask the specific IP addresses of the VPN service’s users.
Dennis Fisher talks with Alex Horan of Core Security about penetration testing, the place of security within a business and Core’s new push to make security more accessible and understandable for business leaders.
Security experts are warning about a fresh round of attacks against SSH implementations. The attacks are brute-force attempts to authenticate to remote SSH servers, a tactic that has been used quite often in the past in distributed attacks.
Two prominent privacy-rights organizations, the Tor Project and the Electronic Frontier Foundation, have launched a new Firefox extension that encrypts all of the browser’s communications with some prominent Web sites.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
