- The Washington Post published an article by Andrea Peterson on why stolen European credit card numbers cost 5 times as much as U.S. ones on the underground market. There are several reasons for this, different credit card technology or how monetization for stolen cards works out are two of them but in the end it’s a function of supply and demand and the structure of the online underground economy.
- Distributed Denial of Service (DDoS) attacks are not a matter of if but when they happen to you. Sean Leach of Verisign provides 5 key steps enterprises can take to be prepared for a future attack.
- In an anti-botnet takeover of .pl domains, NASK (the .pl ccTLD registry) and CERT Polska have shutdown over 641 malicious domains, with 179 being used for C&C purposes. They terminated the agreement with the Registrar Domain Silver, Inc, which only had one benign domain name (domainsilver.pl itself) registered.
- Jeremiah Grossman and Matt Johansen of White Hat Security presented their research at Black Hat USA 2013 showing that you can “build” a browser botnet by leveraging advertising networks such as AdSense or DoubleClick.
- Another Black Hat speaker Paul Stone of Context Information Security showed how you can steal data from a web browser with the use of JavaScript-based timing attacks.
- Simon Mullis of FireEye posted part one and two of a three-part series on why old malware such as Carberp or Zeus are still successful. Part one: Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think. Part two: Cybercriminal Intent: How to Build Your Own Botnet in Less Than 15 Minutes.
- David Kriesel found out that Xerox scanners/photocopiers randomly alter numbers in scanned documents! Apparently, the problem only exists with small font sizes and with low-resolution.
IT-Security-Links #32
SWITCH Security-Blog 