Security Research | Page 62

Last week, I had hardly reached my desk when a colleague rushed by my side and told me, all excited, Apple had announced the release of a new iPhone 3GS. They also unveiled interesting new functionality in MobileMe, which started out a long chat in our lab. To summarize our discussion, tomorrow, MobileMe is releasing three novelties: locating your iPhone, for example, when it is lost displaying a message or a sound onto your iPhone remotely wiping your iPhone so a thief won't find read any sensitive data All of these are quite appealling at... [Read More]
by RSS Axelle Apvrille  |  Jun 16, 2009  |  Filed in: Security Research
Read this article if you use CRC32, or if you know it is unsecure but think it is good enough in your case. CRC32 - Cyclic Redundancy Check with 32 bits of output - is a widely used checksum algorithm. It is designed to detect accidental alteration of data during transmission or storage. It is not meant to be used in security-related situations. Now, my crypto-friends are probably already bored and will tell me it has been known for ages. Sure, but if it is that obvious, why do people keep on using CRC32 in wrong situations ? Have a look at the... [Read More]
by RSS Axelle Apvrille  |  Jun 09, 2009  |  Filed in: Security Research
On May 29th, 2009, U.S. President Barack Obama held a conference at which he discussed a cyber security plan following an earlier 60 day review released in April. While there has been much debate and discussion on this initiative which is yet to take development with the announcement of a cyber "czar", I think one the more important aspects to recognize is that this is a step forward. Is it a step forward because this is the one answer, the silver bullet launched from the U.S. to stop cyber terrorism and information warfare in its tracks? Certainly... [Read More]
by RSS Derek Manky  |  Jun 04, 2009  |  Filed in: Security Research
I decided it was high time I changed my car, well it was either that or wash it. So not being a car-o-phile I didn't have a specific model in mind so decided to head to that area of down where all the showrooms are located. I gave the GM dealer a miss, their financial position seems way too exciting for me to come involved in just at the moment, I wish them luck. I pick a showroom based largely on reputation and anecdotes and set about selecting a model that I thought would suit, a wheel on each corner, the right number of seats. Much discussion... [Read More]
by RSS Darren Turnbull  |  Jun 03, 2009  |  Filed in: Security Research
Tags: security utm
There was much activity to recap on our May 2009 Threat Landscape report, now available through Fortinet's FortiGuard Center. During this month-long period from late April to May, there were many items to highlight: Threats were on the increase in all areas, with a flurry of activity coming from malware. Last report we discussed the consistent activity from Virut and online gaming trojans, as well as the real money trading business in which cybercriminals flock: gold farming, account harvesting, etc. There were three gaming trojan variants present... [Read More]
by RSS Derek Manky  |  May 28, 2009  |  Filed in: Security Research
This is the topic of an Interop panel featuring Anthony James, Fortinet vice president of products, and folks from Juniper Networks, Palo Alto Networks and Ashton, Metzler & Associates. The panel will be at 11:30 a.m. tomorrow at Mandalay Bay, Breakers E room. Here's the overview: _The traditional wide-area network (WAN) firewall makes two flawed assumptions. One assumption is that the information contained in the first packet in a connection is sufficient to identify the application. The second assumption is that the transmission control... [Read More]
by RSS Rick Popko  |  May 19, 2009  |  Filed in: Security Research
Fortinet delivers a new generation of high-performance security with FortiOS 4.0, extending the scope of consolidated security and networking capabilities within FortiGate® multi-threat network security platforms. In this video Jason Wright of Fortinet’s product group provides a quick introduction to it's top new features, including: WAN Optimization Application Control SSL Inspection Data Leakage Prevention (DLP) [display_podcast] For more information, please visit [Read More]
by RSS Rick Popko  |  May 19, 2009  |  Filed in: Security Research
Tags: video
Our sensors (i.e. our digital media person, a rabid fan of Facebook) caught today some interesting Facebook private messages. One of such, sent by a "Friend" to about 100 contacts of hers, merely consisted in a domain name, as can be seen below: Fortunately for Daniel, he did not know what to do with it (or he knew, but did not want to); yet other recipients may have recognized a domain name, and entered it in their browser's address bar, out of curiosity. After all, that's from Martha, and she usually sends rather funny links. Of course, the... [Read More]
by RSS Guillaume Lovet  |  May 04, 2009  |  Filed in: Security Research
Recently, we stumbled upon a strange Javascript file; at first sight, it looked like a totally legitimate, clean file. The file name is jquery.js and has all the characteristics of a proper jquery file. Even the header was kept: /* * jQuery JavaScript Library v1.3.1 * * * Copyright (c) 2009 John Resig * Dual licensed under the MIT and GPL licenses. * * * Date: 2009-01-21 20:42:16 -0500 (Wed, 21 Jan 2009) * Revision: 6158 */ jquery is a popular javascript library used as said on the homepage ( [Read More]
by RSS David Maciejak  |  Apr 30, 2009  |  Filed in: Security Research
Our April 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware, to spam. Here are some key movements from the report along with comments: Waledac is one of the most active malware families to be on the lookout for. This period, we saw a fifth campaign hit since the beginning of this year, serving up malicious variants disguised as SMS spying software. With frequent campaigns, heavy server side polymorphism, binaries packed with fluctuating seed lists (portions of its network), and peer to... [Read More]
by RSS Derek Manky  |  Apr 28, 2009  |  Filed in: Security Research