-
Oct 28, 2016
Fingernails shape? A useful video lesson Matthew McAllister gives a lesson about the neverending story for classical guitarists: the shaping of fingernails. The video has published on the great YouTube channel of Siccas Guitars. Enjoy! [embed]https://www.youtube.com/watch?v=QT-_2Z3cN2k[/embed] About the teacher From Matthew’s official… read more »
-
Oct 27, 2016
A new attack technique that exploits the Rowhammer hardware vulnerability on Android devices Earlier last year, security researchers from Google’s Project Zero discovers Rowhammer, a hardware bug that allows attackers to manipulate data in memory without accessing it: by reading many… read more »
-
Oct 26, 2016
“ You are being watched!” The Android-IMSI-Catcher-Detector (short: AIMSICD) is an Android open-source based project to detect and avoid fake base stations (IMSI-Catchers) or other base-stations (mobile antennas) with poor/no encryption, born in 2012 on XDA. The project aims to… read more »
-
Oct 25, 2016
Update, now! If you have an Apple device, you should update it to IOS 10.1 as soon as possible: the update addresses a vulnerability that allows you to take control of the device by simply sending a JPEG image specially… read more »
-
Oct 25, 2016
An experimental but useful project ViperMonkey is a toolkit written in Python by Philippe Lagadec, developed to parse VBA macros and emulate their execution. ViperMonkey acts as a VBA Emulation engine, and tries to analyze and deobfuscate malicious VBA Macros contained… read more »
-
Oct 25, 2016
Continuously updated… Last Friday a sizable DDoS attack was launched against Dyn’s “Managed DNS” infrastructure using a Mirai-Fueled IoT Botnet, making unreachable services of some companies such as Twitter, Spotify, Netflix, GitHub, Amazon and Reddit. All sites that deal with… read more »
-
Oct 24, 2016
Using an IMSI-catcher and a Femtocell The security researcher Wanqiao Zhang of Qihoo 360 has published a research about a vulnerability in LTE networks. The attacks work through a series of messages sent between malicious base stations and targeted phones.… read more »
-
Oct 24, 2016
“If you know your enemies and know yourself, you will not be imperiled in a hundred battles” (Yes, it’s a quote by Sun Tzu) The GitHub account of infosecguerrilla is a precious source of information about malware. Into two repositories is… read more »
-
Oct 21, 2016
Any user can become root in less than 5 seconds! The bug has existed since Linux kernel version 2.6.22 and was found by Phil Oester. Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. So… read more »
-
Oct 21, 2016
“Because understanding blockchains should not be a difficult task!” A very interesting Node.js project developed by Lauri Hartikka. Blockchain is a distributed database that maintains a continuously-growing list of records called blocks secured from tampering and revision. The blockchain format… read more »
-
Oct 20, 2016
A priceless resource! By chance I came across this site: [embed]http://maurogiuliani.free.fr/en/[/embed] If you omit to comment the extremely dated graphic, you can find out that it is a priceless resource that contains almost all production for guitar of Mauro Giuliani,… read more »
-
Oct 19, 2016
Yes, only []()!+ JSFuck is an esoteric programming language with a very limited set of characters: (,), [, ], +, !. The name is derived from Brainfuck, but the only similarity to Brainfuck is having a minimalistic alphabet. The challenge in JSFuck… read more »
-
Oct 18, 2016
The tool utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz (the younger brother of Mimikatz?) provides a user-level extraction tool for sensitive data, focusing on running process memory address space: once a… read more »
-
Oct 17, 2016
This technique should improve the efficacy of existing correlation attacks with the monitoring of DNS traffic from Tor exit relays. Researchers at the KTH Royal Institute of Technology in Stockholm and Princeton University in the USA have unveiled a new attack… read more »
-
Oct 14, 2016
Five examples and some suggestions In a brief article on Symantec “Security Response” blog, Shaun Aimoto explains some techniques used by malware creators to evade security apps analysis. Packing Android packers are able to encrypt an original classes.dex file, use… read more »
-
Oct 13, 2016
Malware using obfuscation to avoid detection, and the possibilities are quite endless Obfuscation is a technique that makes binary and textual data unreadable and/or hard to understand. Software developers sometimes employ obfuscation techniques because they don’t want their programs being reverse-engineered… read more »
-
Oct 12, 2016
Simple and well coded Матрёшка is a steganography tool written in Python, useful to hide and encrypt images or text in the least significant bits of pixels in an image using HMAC-SHA256 to authenticate the hidden data. It’s a simple but… read more »
-
Oct 11, 2016
For Linux, Windows, OSX, Android and iOs Cloud storage is very useful, but for really important/private stuff, a best practice could be adding of a further encryption layer, perhaps with a cross-platform solution. http://imgs.xkcd.com/comics/security.png A simply method could be use Truecrypt… read more »
-
Oct 10, 2016
Pretty simple, according to recent researches! A group of the researchers from the Iswatlab team at the University of Sannio demonstrated how is easy to create a mobile malware that eludes antivirus solutions. The research was conducted by Corrado Aaron… read more »
-
Oct 7, 2016
Actually lasted longer than the company itself! An auto repair shop in Gdansk, Poland still uses a Commodore 64 to run its operations: a lesson to learn about consumerism! This image was posted on Commodore USA’s Facebook page, with this comment:… read more »