Rodney Campbell's Blog

Archive for July, 2007

2007.07.27 Daily Security Reading

by on Jul.27, 2007, under Security

Security Evaluation of Apple’s iPhone (pdf)

The iPhone’s applications for surfing the web and checking emails are potentially at risk to remote attacks. We wanted to determine exactly how well the software on the iPhone was designed to resist such attacks.

Anti-(Anti-Malware) Malware detects if in VM environment and reboots

By detecting virtual machines and changing the behavior, malware authors make analysis more difficult – an AV researcher either has to run the malware on physical machines, modify the virtual environment he’s using to prevent detection or manually analyze the malware.

BIND 9 DNS Cache Poisoning

The paper shows that BIND 9 DNS queries are predictable i.e. that the source UDP port and DNS transaction ID can be effectively predicted.

2007.07.24 Daily Security Reading

by on Jul.24, 2007, under Security

Phishing tool constructs new sites in two seconds

Analysts at RSA Security early last month spotted a single piece of PHP code that installs a phishing site on a compromised server in about two seconds.

Feds use key logger to thwart PGP, Hushmail

A recent court case provides a rare glimpse into how some federal agents deal with encryption.

Mac OS X with 100 bugs – Still safer than Windows?

Apple has plugged around 100 vulnerabilities in OS X so far this year, but the malware threat to Mac customers is insignificant compared to users of Microsoft Windows.

Anti Forensics: making computer forensics hard

Methods of removal and subversion of evidence with the objective to mitigate results of computer forensics.

ToorCon 8 Videos

2007.07.10 Daily Security Reading

by on Jul.10, 2007, under Security

Time to blacklist blacklists

Blacklists have their place for detecting and identifying malicious content and activity, with the whole signature-based malware detection industry effectively being built around the concept that blacklists are reliable mechanisms. The only problem is that they aren’t.

Eight in ten major Web sites highly vulnerable to attack

Eight out of ten Web sites contain common flaws that can allow attackers to steal customer data, create phishing exploits, or craft a variety of other attacks, a security company reported today.

Alternative Botnet C&Cs (pdf)

Free sample chapter (chapter 3) from Botnets: The Killer Web Application.

The IPO of the 0day (pdf)

Stock fluctuation from an unrecognized influence; interesting stats: average 0day lifetime: 348 days, shortest life: 99 days, longest life: 1080 (3 years).

Have Spammers Overcome the CAPTCHA?

A new threat, dubbed Trojan.Spammer.HotLan.A, is using automatically generated Yahoo and Hotmail accounts to send out spam email, which suggests that spammers have found a way to overcome Microsoft’s and Yahoo’s CAPTCHA systems.

2007.07.06 Daily Security Reading

by on Jul.06, 2007, under Security

The Evolution of Self-Defense Technologies in Malware

This article explores how malware has developed self-defense techniques and how these techniques have evolved as it has become more difficult for viruses to survive. It also provides an overview of the current situation.

Inside OS X Security

Once you get past all the yelling and emotion, Mac OS X is a pretty secure operating system, at least as secure as any other operating system in its class. Mac users are exactly as vulnerable to phishing and social engineering attacks as any other platform.

MPAA Sets Up Fake Site to Catch Pirates

MediaDefender Inc has launched a website called “MiiVi” dedicated to busting those who both like to download copyrighted content as well as those who already have. The site is apparently the latest ploy in the ongoing battle against illegal file-sharing and literally takes the game to new heights. It offers WHOLE DOWNLOADS of movies as well as the ability to download and install a “miraculous” new program that offers “fast and easy downloading all in one great site”. There’s just one problem: the site’s registered to MediaDefender Inc. and after it’s installed, it searches your computer for other copyrighted files and reports back.

2007.07.03 Daily Security Reading

by on Jul.03, 2007, under Security

Is It OK that Google Owns Us?

Google’s continuously raked over the coals regarding the massive amounts of PII (personally identifiable information) it collects, what it does with it, how long it retains that data and what the company might do with it if its merger with DoubleClick goes ahead.

Senior execs targeted in ‘precision’ malware attacks

On 26 June, net security services firm MessageLabs intercepted more than 500 individual email attacks targeted against individuals in senior management positions.

Spammers Duke It Out In Online Turf War

Just as thugs and drug dealers jealously guard their street corners with destructive turf wars, online spammers and other shadowy characters have been known to attack one another for control over virtual real estate. This week, security experts spotted a nasty tussle brewing between criminals who operate two of the largest networks of hijacked computers used to blast out spam.

Vista is Watching You

Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Integrity of hardware-based computer security is challenged

Withdrawn Black Hat paper hints at flaws in TPM security architecture.

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.