Security by Passion !
The new attack plucks secrets from HTTPS-protected pages was demonstrated on Blackhat last Thursday. The well known “HTTPS” which protects millions of sites across the world is prone to attack. The exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites. It decodes encrypted data that online banks and e-commerce sites send in […]
Not long ago one of my friend was skeptical of using any airport “quick phone chargers”. It was a scary concept but as technology is turning towards mobile it comes with no surprise that attackers are targeting power points.The bogus chargers which charges the phone also has transformers. The Iphone treats this as a computer […] Its yet another day for twitter lost the battle for spammers. Mobile Security research saw a increased number of spam emails sent from twitter accounts to anyone from their contact list. When one of researcher found spam email in his personal box, he was surprised. Even I received a spam email from one our researchers. […] McAfee identified a unusual behavior of a Android app that was set to go on for July 4th. The app. As per Netsec , “The app in question is Jay Z Magna Carta, which has ben recently made available on Google Play, and allows users of certain Samsung devices to listen to the rapper’s new […] Yahoo was one of the hottest business couple of years back. They had a great frontend, paid services for extra storage and tons of small business tools. As business grows they lost focus on their core business. Overt the time, spam increased exponentially, yahoo messenger was screaming of spam links all the time, spammers used […] An alarming news broke from Facebook security last Friday on 21st at 7.50pm EST. Its not the hack that exposed this information but it was because of a bug. Its scary that facebook doesn’t even test their code when going to production. This clearly shows the ignorance of facebook and their security team putting users […] Shadowserver is a non-profit organization like abuse.ch, informs the associated network owners about the infections reported by my sinkhole, in addition to infections reported by their own sinkholes and sinkholes run by other operators. Every Computer Emergency Response Team (CERT), Internet Service Provider (ISP) and network owner can get a feed from Shadowserver for their […] Phpbb is a free online forum available and thousands love using it in different ways for exchange of ideas, discussions or build a business. However the spammers are equally busy running auto bots which can create users , fill up captcha and post their own spam topic. In a recent research at mobilesecurityresearch, we […] Its the comeback of OWASP top 10 – 2013. Nothing much has changed security threat landscape when it comes to applications. Below is the screenshot from OWASP pdf and link to the main pdf. OWASP TOP 10 list of 2013 published list. 1) Injection 2) Broken Authentication and Session Management 3) Cross-Site Scripting (XSS) 4) […] The notorious Zeus Trojan from is back to the market with a new set of variants. This was first spotted since 2007, a wide spread powerful trojan targeting bank accounts. Now a report from TrendMicro has shown the come back of Zeus with a new variant. As per net-security : “In this particular instance, the malware […]