More Related Content Similar to News bytes Sept-2011 (20) News bytes Sept-20114. Also works with govt on its PKI implementations 7. Damage : Issued fraud certificates for nearly 531 domains 17. Avg. browser trust more than 600 CAs , bad history of not doing their job correctlyBlackhat/Defcon talk:: SSL and the Future of Authenticity By Moxie Marlinspike: Talk about replacing CA infrastructure Issue with SSL : Authencity Idea : Download the presented SSL certificate directly and then ask a series of trusted notaries to download the certificate and give it to you as well. Convergence : Browser Addon. http://convergence.io/ --Threatpost 20. Over 6 months – Grabbed 1,20,00 emails - 20 GB of data from fortune 500 companies 22. Domain MITM : Set up email servers on typosquated domain and relay mail to correct recepient. 24. e.g. Orgn: Email domain-> mail.bank.com, Typosquatted registered domain: mailbank.com -- wired, tekblog 25. List of companies (in red) whose sub domains potentially vulnerable to attack --Wired 30. IE 9 – Application Reputation : Warns users of potentially dangerous files downloaded from internet.-- Avast Blogs 33. Try logging in with Administrator through list of common passwords 38. User must first sent an MMS with malware as an attachment to victim 39. Once Installed, reports about activities will be sent to backend service which can be accessed by customer through portal. 40. Currently for Symbian and windows mobile users, can be provided to android users with NICKISPY malware. 43. Inserteda Trojan startup file into the startup scripts rc3.d on one of the servers so that it would run whenever the machine was started. 44. Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified. 46. Week later linux.com, linuxfoundation.org taken offline due to a security breach-- h-online,linux.com 48. Taken by Cisco employee who runs @CiscoSecuritytwitter account 51. Downloaded utorrent client between 4:10 am to 6:20 am Pacific time on 13thsept- You Are INFECTED with malware 57. Will embed within ESXi, Xen, KVM and Hyper-V hyperwisors too --theregister, softpedia, h-online news, webroot.com 60. Don’t exploit vuln in device, user have to manually download and install the app to get infected 62. Uses users fb email address to upload content from mobile devices 64. PoC hack showed scanning QR code with embedded URL directed to spoofed site and fed malware. 68. Windows 8 demonstrated at Microsoft's BUILD conference. 69. Picture passwords, faster boot time, built in AV, boot from usb flash drive and new friendlier blue screen of death 70. Developer preview is available free for download-- h-online news, foxnews, zscaler, theregister 83. A summary of PDF tricks: data encodings, JavaScript, or PDF structure