Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Google Releases Skipfish Application Security Scanner

Google has released its own Web application security scanner, called Skipfish. The free scanner is designed to work with a variety of existing Web application frameworks and is built with an emphasis on speed and a low false-positive rate, the company said.


It seems that the HTC Magic phone distributed by Vodafone in Spain, which security researchers recently discovered was pre-loaded with the Mariposa bot client, was not an isolated incident after all, as the company concerned had claimed. This week an employee of another Spanish security vendor found the same malware pre-installed on the same model of phone, bought directly from Vodafone.

The authors of the Zeus bot client, perhaps the most popular and pervasive piece of malware of its kind right now, have taken an extraordinary step to protect their creation: inserting a hardware-based licensing scheme into the Trojan. This represents a significant leap in the sophistication and professionalism of malware development, researchers say.

After Microsoft’s actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero.

A lot of people in the security industry are paid to think like attackers: pen testers, security consultants, software security experts. But some of these people have never met an actual black hat, so much of their work is necessarily based on what they think attackers might do in a given situation.

Dennis Fisher talks with security researcher Robert “Rsnake” Hansen about how online privacy became such a mess, Google’s effect on personal privacy and the virtual impossibility of using the Internet without using Google’s services.

The news that Pennsylvania CISO Bob Maley lost his job for publicly discussing a security incident at last week’s RSA Conference really shouldn’t come as a surprise, but it does. Even for a government agency, this failure to understand what actually matters is appalling, and it is a glaring example of the sickness of secrecy that has infected far too much of the security community.