Archive for the 'HTTPS' Category
ESET researchers Aleksandr Matrosov and Eugene Rodionov just gave a talk on Defeating x64: Modern Trends of Kernel-Mode Rootkits at the seventh Ekoparty security conference, which took place at its traditional location of Buenos Aires, Argentina between the 21st and 23rd of September.
The presentation described new trends in bootkit/rootkit development for x64 Microsoft Windows operating … Read More…
When Róbert Lipovský and I commented on the DigiNotar/SSL situation, we said that " the user should be cautious (as always), but there's no cause for panic." While I still think that's fair comment, there's no doubt that things aren't looking any better.
Right now, much media attention is starting to be focused on DigiNotar's filing for … Read More…
Introduction
As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it bears … Read More…
As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/.
Those earlier blogs again:
http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it
http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https
Thanks, Sebastián!
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET LLC
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity … Read More…
Further to our blogs on HTTPS and SSL certificate issues – see http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it and http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https - Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS.
If your Spanish is better than mine, you can check it out here. However, we’ve been working on an English … Read More…
Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle … Read More…
Update, 19th October. I was recently contacted indirectly by Eddy Nigg of StartCom, who points out, quite rightly, that this issue is not specific to StartCom, nor a problem created by StartCom. He commented further in a comment to Dan Raywood’s article for SC Magazine arising from this blog entry, and I think it’s only … Read More…
- David Harley (741)
- Randy Abrams (431)
- Cameron Camp (110)
- Stephen Cobb (62)
- ESET Research (56)
- Pierre-Marc Bureau (51)
- Aryeh Goretsky (31)
- Andrew Lee (15)
- Jeff Debrosse (12)
- Robert Lipovsky (12)
- Paul Laudanski (11)
- Sebastian Bortnik (8)
- Dan Clark (6)
- Righard Zwienenberg (6)
- Sébastien Duquette (5)
- Aleksandr Matrosov (3)
- Peter Stancik (3)
- Alexis Dorais-Joncas (3)
- Tasneem Patanwala (3)
RSS
