InfoSec News

A solo Iranian hacker has claimed responsibility for stealing multiple SSL certificates belonging to some of the Web's biggest sites, including Google, Microsoft, Skype and Yahoo.
 
Despite its name, DestroyTwitter (free/donationware) is actually one of the most pro-Twitter apps out there. This lightweight, AIR-based desktop client is all about Twitter--and only Twitter. This laser-sharp focus helps keep the app's footprint small, but it also means it won't work for folks looking for a way to manage multiple social networks. Still, if you're looking to get the most out of Twitter, DestroyTwitter could be the app for you.
 
Mozilla set an unofficial record for software downloads on the second day of Firefox 4's launch, the company said.
 
Editors’ Note: Each week the Macalope skewers the worst of the week’s coverage of Apple and other technology companies. In addition to being a mythical beast, the Macalope is not an employee of Macworld. As a result, the Macalope is always free to criticize any media organization. Even ours.
 
In the past month or so, I have observed some strange Shockwave files that, surprisingly, contain 2 other files attached at the end of the file. First, an EICAR test file is found at the end of the Shockwave file portion, which is immediately followed by a Windows executable. Most IDSs would trigger on that Windows binary transfer, including Snort. The Shockwave file portion did not contain any malware.

The EICAR test file found, X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*, is a typical antivirus test file. [1]
However, after carving the Windows binary and submitting its MD5 for analysis to VirusTotal, it returned some surprising results. The MD5 of this file is 22a0c9e8f8c83f70caf04d757732eb21 and shows that if this file manages to run, it could compromise the client.


Have you seen anything like this? Let us know via our contact form.


[1] http://www.eicar.org/anti_virus_test_file.htm
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
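
The check described in the diary above, sketched as an added example (not code from the diary or from SANS ISC): find where the Shockwave portion ends, then look in the trailing bytes for the EICAR string and a Windows PE image and hash the carved image. It assumes "Shockwave file" means an SWF with an `FWS` or `CWS` signature, covers the zlib-compressed case as well, and uses hypothetical function names and a constructed, inert sample.

```python
import hashlib
import struct
import zlib

EICAR = rb"X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def swf_end_offset(data):
    """Offset where the SWF portion ends, according to the file itself."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS file")
    if data[:3] == b"FWS":
        # Uncompressed: header bytes 4..7 hold the total file length.
        return min(struct.unpack_from("<I", data, 4)[0], len(data))
    # Compressed: one zlib stream follows the 8-byte header.
    d = zlib.decompressobj()
    d.decompress(data[8:])
    if not d.eof:
        raise ValueError("truncated zlib stream")
    return len(data) - len(d.unused_data)

def inspect_trailing(data):
    """Report EICAR and any PE image found after the end of the SWF."""
    end = swf_end_offset(data)
    tail = data[end:]
    report = {"swf_end": end, "trailing": len(tail),
              "eicar": EICAR in tail, "pe_offset": None, "pe_md5": None}
    pos = tail.find(b"MZ")
    while pos != -1:
        # Confirm the DOS header's e_lfanew really points at "PE\0\0".
        if pos + 0x40 <= len(tail):
            e_lfanew = struct.unpack_from("<I", tail, pos + 0x3C)[0]
            if tail[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                report["pe_offset"] = end + pos
                # Carved to end of file, so any overlay is included.
                report["pe_md5"] = hashlib.md5(tail[pos:]).hexdigest()
                break
        pos = tail.find(b"MZ", pos + 1)
    return report

def build_sample(compressed=False):
    """Constructed input: tiny SWF shell + EICAR + inert PE-shaped stub."""
    body = b"\x00" * 12
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\x00" * 16
    head = (b"CWS" if compressed else b"FWS") + b"\x0a" + struct.pack("<I", 8 + len(body))
    return head + (zlib.compress(body) if compressed else body) + EICAR + stub

if __name__ == "__main__":
    for flag in (False, True):
        print(inspect_trailing(build_sample(flag)))
```

Any non-zero `trailing` count on an otherwise clean SWF is worth a look on its own; the MD5 of the carved image can then be compared against a reputation service, as the diary did.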
 

Lucrative opportunities emerge in data security
Boston Herald
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the "infosec" career field is growing "as fast as online computing is expanding," said Weaver, 33. ...

 

