Domain: iseclab.org
Stories and comments across the archive that link to iseclab.org.
Comments · 9
-
Tell you what: THESE *may* help... apk
They CAN function as decent indicators (provided this isn't some "brand new" site they haven't tested):
http://safeweb.norton.com/buzz
http://www.siteadvisor.com/
http://wepawet.iseclab.org/
http://www.mywot.com/en/commun...
http://www.virustotal.com/
http://www.mcafee.com/us/mcafe...
http://www.malwareurl.com/list...
http://cbl.abuseat.org/lookup....
http://www.threatstop.com/chec...
http://www.avgthreatlabs.com/s...* You can run sites OR IP Addresses thru them to check *ANY* sites you wish that you're unsure of... enjoy!
APK
P.S.=> In fact, I built hooks into those into this application of mine (in its "Site Checkers" menu, pictured below) that allows users of my APK Hosts File Engine 9.0++ 32/84-bit-> http://start64.com/index.php?o... to answer the SAME basic question you have - in case they wish to remove any sites blocked in the hosts file data imported, these sites give them a FAR MORE DECENT INDICATOR than mere "word-of-mouth"... apk
-
Re:I can predict the future
I can predict there will be a lot of posts by developers of other languages laughing at PHP while ignoring their own languages massive security failures in the often not so distant past.
You know, I'm going to have to disagree with you on this one.
I'm not saying that other languages are perfect, far from it. But the PHP world, by and large, is inhabited by people who don't really understand security. I've worked in it for a long time, and in every single application and library written in PHP that I encounter, I find results that show signs of knowing of, for instance, the existance of concepts called "SQL injection" and "XSS attack" but no understanding of what those things actually mean beyond taking some boilerplate kinda-solution in most but not all relevant locations.
By contrast, the libraries that Java and Python and Ruby provide, both out of the box and in third-party packages, tend to have been designed to make those kinds of attacks difficult to open yourself up to. The documentation for those packages emphasizes the security risks and concerns, the developer communities do everything they can to reduce those risks, and the result is that there are fewer minefields.
And that is why, in this paper, a whopping 80% of SQL injection and a disproportionately high number of XSS vulnerabilities are from projects that were written in PHP. It's possible to do the right thing in that language, but the evidence is fairly strong that developers focused primarily on PHP don't.
-
Re:Public or private data?
How is it abuse when the data is supposedly collected in an anonymizing fashion?
anonymizing social data is extremely hard. If you're confident that the dataset is sufficiently anonymized, then you've probably erased all of the interesting data.
-
Re:And this is actually quite innocent
I'm not about to give you statistics because I don't have them. I do have anecdotal, I can tell you that every keygen I've ever seen was a trojan. While any given one may in fact have generated legit keys (hard for me to tell, I wasn't using trying to use the keys), they certainly did act as a first step downloader for infecting the system. My interest in all of this? Finding the source of infections. One of the most infected systems I've seen (competing remote controllers) had no legit software other than what came with it. Lots and lots of pirated software.
"That's exactly what the software distributors want you to think" -- very true
"All the statistics created about the effects of piracy are fabricated" -- possibly true, but sweeping statements such as this ("all the statistics...") are generally not true due to needing only a single exception to falsify
Did it ever occur to you that just because the "software distributors" have a vested interest they might not be wrong about everything? Did it ever occur to you that it is easier to infect the back channels used by piracy rather than the official distribution channels? (Not that they are sacred or pure, there have been cases where the CD masters were created with a virus.)
In the ~30 years I've been using computers the strong connection between software piracy and viruses has remained fairly constant. Anecdotal? Yes. But, call me crazy, I'm not going to run a keygen outside of a virtual environment (and preferably someone *else's* virtual environment -- I like http://anubis.iseclab.org/).
-
Not only Microsoft
Its not only Microsoft that participated in this operation. International Secure Systems Lab also associated with this. http://blog.iseclab.org/2011/03/24/the-underground-economy-of-spam-a-botmasters-perspective-of-coordinating-large-scale-spam-campaigns/ And they are continuing further down the road.
-
It's not a bug, it's a feature
Fixing this alone means nothing. If you search for someone on Facebook it will show you a name and a profile picture. Sure, it requires a facebook account, but that's not too hard to create for somebody with 4,000,000 email addresses.
People from our lab have a paper coming up at RAID this year pretty much on the same issue, exploited at a large scale (trying millions of email addresses): http://iseclab.org/papers/raid2010.pdf. Read it if you want to get an idea of how much impact such an attack can have. As a spammer, if I know the full name and list of friends (public information on facebook) associated with an email address in my spam targets list, I can do some very sneaky, targeted spam pretending to come from one of your friends...
The important point is that this is not a bug. It's an undesirable side effect of the friend finding feature that is very useful to some users and that facebook certainly has no intention of removing. As a consequence of this paper, they apparently implemented a rate limiting in the number of email address queries one can do... better than nothing, but there are no full solutions. -
Re:download.com
By testing it in a sandbox, of course! Here's a super-nifty free binary analyzer that runs in your browser: http://anubis.iseclab.org/
-
Re:law enforcement back doorPeople are claiming this is a analysis of PIFTS.exe. I have no way to verify that this really is the norton PIFTS.exe so keep that in mind.
Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
medium
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
high
Performs Registry Activities: The executable reads and modifies register values. It also creates and monitors register keys.
low -
we have that in vienna for years...
as a two-semester course.
It is held at the technical university in vienna and is called "InetSec"
http://www.iseclab.org/InetSec/
The course has a very high quality and includes practical exercises like sql exploits, writing buffer overflows, trojans and the like.
You even get your own automatically generated "1337 handle" upon subscription to the course, and you can advance from "script kiddy" (not homework assignments aka challenges turned in) to "master guru" (turned in everything + extra work + participated in a CTF) - so actually participating in the course is more fun and play than work
;)I wonder why that article is news, since there is a CTF (http://www.cs.ucsb.edu/~vigna/CTF/) held every year, where a lot of universities and colleges from everywhere participate - i doubt they don't have similar courses.
Then again, since the viennese guys kick ass at these contests...
;)