Developer Blog

Found 8 results.

Oct 02

LoJax Malware Discovered On Laptop

The UEFI boot-loader, or Unified Extensible Firmware Interface, is an arguably superfluous step towards improving the layer of hardware abstraction recognized at boot. This essentially means that non-standard computers and RTOS-type systems (with strange arrays?) might still have options for running or booting "software" in a manner consistent with ordinary boot-loaders, which are of course fairly standardized. PC hardware changes slowly enough for most operating-system engineers to write a customized loading protocol within a system kernel for every target system, with perhaps 2-3 exceptions for ordinary use.

Jul 18

Malware Found In Arch Linux

Three or more packages in the Arch Linux user repositories were found to contain malware due to orphaned repository ownership changes; the packages in question are listed below. The packages themselves pose minimal risk but should be removed by anyone using Arch (or any Arch-based distro) or anyone using Arch User Repo packages via apt or pacman via source change audits.

acroread 9.5.5-8
balz 1.20-3
minergate 8.1-2

Jan 23

Ransomware 2017-2018

By the 3rd quarter of 2017, 64% of malicious email attacks contained one form of ransomware or another. These attacks are on the rise, so it seems prudent to disclose some information about them, along with some strategies for prevention and removal. Below we'll list the top 10 ransomware attacks and, below that, some specific steps that can be taken.

Jan 05

Meltdown And Spectre

Everything you know about hacking is probably going to change soon. Spectre and Meltdown are "among" the first vulnerabilities that potentially make use of weaknesses in isolation layers, layers that are generally protected from programs that might try to bypass them through more conventional exploitation. The x86 addresses and sinkholes, which are only documented by the manufacturers of processors in ways that read like censored encyclopedias, are in fact being documented in the wild by a few hackers, if not many. This means that anyone who knows how to fuzz a processor's microcode and has enough time on their hands can in point of fact find exactly the kinds of exploitable snippets of microcode that would make use of vulnerabilities like the ones we are discussing.

Dec 13

Why Kaspersky Is Now Banned From US Government Computers

Kaspersky Lab has a rich history as the maker of the world's first true antivirus product. The company introduced heuristics-based antivirus ages ago, long before any of its competition. The company is based in Moscow and has operated well above the expected standard for a normal antivirus product. So why has the US government recently banned its use? Are they really working with the Russian government? Where is the evidence?

Nov 28

Getting Started In Information Security

Some of the challenges of breaking into information security as a career involve finding the right resources. Fortunately, it is becoming easier, and with the right mentality you can avoid becoming a pseudo-expert by learning the real fundamental skills needed to keep pace with the constant evolution of a challenging field.

Nov 26

Why Linux Developers And Security Professionals Need Common Goals

In recent weeks we've heard how fuzzing is good for Linux, and how security professionals are posing dangers to the Linux kernel's functionality. Both of these statements were entirely fair, and both were from Linux creator Linus Torvalds. His instruction to "Do no harm" perhaps requires an overview of how security implementations often disable useful services, change commonly used protocols, and similarly can "complicate existing infrastructures" in ways that can lead to general avoidance of use. From a developer's point of view, security is just one small aspect of a much larger picture. From a security perspective, it is a landscape full of weaknesses that were caused by poor planning by developers.

Nov 14

Vulnerability Assessment Tools

Whether you prefer Windows or Linux, there are steps you can take to improve your system's security and network topology. Step 1 is always information gathering, and that is true of your host system as well. Whether you are a pen tester or just feeling anxious about people sniffing around your PC, these tools help.
