HP Security Research OSINT (Open Source Intelligence) articles of interest--May 16, 2014

Key Articles of Interest

 

Retailers Launch Comprehensive Cyber Intelligence Sharing Center 
Retail Industry Leaders Association (RILA), along with several of America’s most recognized retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC).

 

The Mad, Mad Dash to Update Flash
An analysis of how quickly different browser users patch Adobe Flash vulnerabilities shows a marked variation among browser makers. The data suggest that Google Chrome and Mozilla Firefox users tend to get Flash updates relatively quickly, while many users on Microsoft’s Internet Explorer browser consistently lag behind.

 

FBI Cybercrime Crackdown - Blackshades
It would seem the FBI is cracking down on cybercrime (well, script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today, it seems that the raids are only targeting users of “blackshades”--a popular remote administration tool.

 

Data transmission in Internet security products
Many Internet users are concerned about who has access to their personal information and what is done with it. After revelations by Edward Snowden regarding the extent of eavesdropping by the US-American NSA, users have become increasingly aware of privacy issues.

 

Into the Light of Day: Uncovering Ongoing and Historical Point of Sale Malware and Attack Campaigns
Point of Sale (PoS) systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years, PoS attack campaigns have evolved from opportunistic attacks involving crude stealing of card data with no centralized Command & Control, to much more highly targeted attacks.

 

The Secret Messages Inside Chinese URLs: Decoding 4008–517–517.com
An American friend living in Beijing once said she refused to communicate with anyone whose email address consisted of a string of numbers. This made sense to me at the time—why make email addresses as difficult to remember as phone numbers? But I soon realized that issuing a blanket ban on number-based communications would mean cutting off just about every single Chinese person I knew.

 

A DNS Tutorial and Primer
The Domain Name System (DNS) makes the Internet usable to humans by providing a naming structure for online resources and mapping those names to the addresses where the resources reside. Without it, websites would be accessible only by entering long strings of numbers, such as: “120.238.104.535”.

 

The “Cobra Effect” that is disabling paste on password fields
Let’s just allow the nuances of that one to sink in for a moment…

How a mayor’s quest to unmask a foul-mouthed Twitter user blew up in his face
Angry backlash shows that online overreach won't "play in Peoria." How one town's mayor sparked a police investigation that ended with town cops rifling through a mobile phone, a laptop, and the full contents of a Gmail account--over an alleged misdemeanor based on something written on social media. 

 

PExy: The other side of Exploit Kits
The drive-by download scene has changed dramatically in the last few years. What was a disorganized ad-hoc generation of malicious pages by individuals has evolved into sophisticated, easily extensible frameworks that incorporate multiple exploits at the same time and are highly configurable. We are now dealing with exploit kits.

 

A security evaluation of Estonia’s Internet-based e-voting system
Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — in recent polls, 20–25 percent of voters cast their ballots online. The team sought to understand its strengths and weaknesses in order to inform technologists and decision makers globally about the prospects of Internet voting.

 

Online advertising poses significant security, privacy risks to users, US Senate report says 
The current state of online advertising endangers the security and privacy of users and the U.S. Federal Trade Commission should force the industry to offer better protections through comprehensive regulation, the U.S. Senate said in a report.
