[img_assist|nid=10979|title=Paul Brodeur|desc=|link=none|align=right|width=100|height=100]We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google’s Android mobile operating system. Brodeur was able to show, using a proof of concept application, that Android applications without any permissions can still access files used by other applications, including which applications are installed and a list of any readable files used by those applications. In this question and answer session, Brodeur corresponds with Threatpost about his ongoing work studying the Android operating system, and how a combination of loose application coding and insecure design makes Google’s Android a boon for advertisers and others who want to harvest data on mobile users.*
Browsing Category: Videos
When Ralph Langner, an independent security researcher, presented his analysis of specialized code used by the Stuxnet worm to an audience of his peers at the S4 Conference in Miami last month, it was a chance to get down in the weeks with one of the world’s top experts on Stuxnet and threats to industrial control system.
[img_assist|nid=10620|title=|desc=|link=popup|align=left|width=100|height=67]Gamma ray scanners? Night vision cameras? bomb-proof manhole covers? G-Men? It must be Super Bowl time again, and Marion County, Indiana says that they’ve gone where no other municipality has gone before: a permanent, $18 million regional operation center (yes – ROC) that will manage security at the Big Game.
The security of Android devices has come under quite a lot of scrutiny in recent months, with researchers identifying various root exploits and permission leaks that could be exploited. In this video, researcher Thomas Cannon of ViaForensics demonstrates a method for setting up a remote shell on an Android device without using any exploits or vulnerabilities. The method works on various versions of Android, up to and including Gingerbread.
Be careful of what you ask for. That’s a lesson that Max Schrems of Vienna, Austria, learned the hard way when he sent a formal request to Facebook citing European law and asking for a copy of every piece of personal information that the world’s largest social network had collected on him.
Spam has been a scourge on the Internet for more than 15 years now, and many plans and technologies have emerged to try and fight it. Some have worked well, others have failed miserably. In this video, MIchael Kaplan presents a proposal for authenticating every mail transfer agent on the Web as a way of identifying all spam messages.
Google announced its long-awaited mobile payments platform, Google
Wallet, in New York City on Thursday. The company claims it will
revolutionize commerce. But with stories about massive data breaches and
hacks an almost daily occurance, consumers are most concerned about
whether Google Wallet is secure. Here’s what you need to know.
In this video, the folks at Offensive Security demonstrated exactly how the Windows DLL-hijacking vulnerability can exploited using Metasploit and a benign PowerPoint slide.
In this video, Aza Raskin of Mozilla demonstrates a new class of phishing attack in which the attacker is able to use malicious code in one browser tab to completely change the content in another tab on a victim’s browser.
In this video, Lenny Zeltser, a SANS instructor, outlines the basic concepts of reverse engineering malware, describing the process of analyzing the code and the behavior of the malware.