http://nakedsecurity.sophos.com Computer Security · News · Opinion · Advice · Research Tue, 21 May 2013 08:43:05 +0000 en hourly 1 http://wordpress.com/ http://s2.wp.com/i/buttonw-com.png http://nakedsecurity.sophos.com http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Thu, 09 May 2013 11:03:49 +0000 Fraser Howard http://nakedsecurity.sophos.com/?p=225752 ]]> http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 5 A closer look at the malicious Redkit exploit kit fraserhoward Red eye. Image from Shutterstock Obfuscated payload URL passed into Java Java code to decode payload URL Security bypass in Redkit Reversed AES/CBC/NoPadding string Start of encrypted, downloaded file Decryption key and iv parameter within the Java code Java code to check for marker in decoded file Logic to save and execute one or two payload executables Decoded payload showing marker separating the two malicious executables Summary of Redkit exploitation process http://nakedsecurity.sophos.com/2013/05/06/monday-review-the-hot-20-stories-of-the-week-4/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/05/06/monday-review-the-hot-20-stories-of-the-week-4/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Mon, 06 May 2013 11:30:44 +0000 Anna Brading http://nakedsecurity.sophos.com/?p=225573 ]]> http://nakedsecurity.sophos.com/2013/05/06/monday-review-the-hot-20-stories-of-the-week-4/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 0 Monday review annabrading http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Fri, 03 May 2013 15:07:07 +0000 Fraser Howard http://nakedsecurity.sophos.com/?p=225459 ]]> http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 6 fraserhoward redkit115 Injected iframe used to redirect victims to Redkit Redkit landing page More recent Redkit landing pages, using JNLP Snippet of code from PHP shell used by Redkit Overview of how Redkit works Breakdown of Redkit compromised web servers by host country Breakdown of ISPs hosting the Redkit compromised web servers Web server breakdown for Redkit compromised servers http://nakedsecurity.sophos.com/2013/04/15/monday-review-the-hot-21-stories-of-the-week-5/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/15/monday-review-the-hot-21-stories-of-the-week-5/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Mon, 15 Apr 2013 09:44:24 +0000 Anna Brading http://nakedsecurity.sophos.com/?p=224121 ]]> http://nakedsecurity.sophos.com/2013/04/15/monday-review-the-hot-21-stories-of-the-week-5/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 0 Monday review annabrading http://nakedsecurity.sophos.com/2013/04/11/password-excel-velvet-sweatshop/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/11/password-excel-velvet-sweatshop/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Thu, 11 Apr 2013 15:23:25 +0000 Paul Baccas http://nakedsecurity.sophos.com/?p=223908 ]]> http://nakedsecurity.sophos.com/2013/04/11/password-excel-velvet-sweatshop/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 7 When is a password not a password? When Excel sees VelvetSweatshop paulbaccas Boobytrapped Excel file http://nakedsecurity.sophos.com/2013/04/02/mobile-device-us-military/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/02/mobile-device-us-military/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Tue, 02 Apr 2013 10:16:04 +0000 Beth Jones http://nakedsecurity.sophos.com/?p=222630 ]]> http://nakedsecurity.sophos.com/2013/04/02/mobile-device-us-military/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 7 Mobile device security in the US military comes under fire bethcroghan Inspector General report Location smartphone. Image from Shutterstock Mobile post it. Image from Shutterstock http://nakedsecurity.sophos.com/2013/04/01/monday-review-the-hot-13-stories-of-the-week/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/04/01/monday-review-the-hot-13-stories-of-the-week/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Mon, 01 Apr 2013 15:41:08 +0000 Anna Brading http://nakedsecurity.sophos.com/?p=222327 ]]> http://nakedsecurity.sophos.com/2013/04/01/monday-review-the-hot-13-stories-of-the-week/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 0 Monday review - the hot stories of the week annabrading http://nakedsecurity.sophos.com/2013/03/27/spicing-up-phishing-attacks/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/03/27/spicing-up-phishing-attacks/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Wed, 27 Mar 2013 16:40:55 +0000 Fraser Howard http://nakedsecurity.sophos.com/?p=217426 ]]> http://nakedsecurity.sophos.com/2013/03/27/spicing-up-phishing-attacks/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 4 Spicing up phishing attacks fraserhoward Phishing. Image from Shutterstock Fishing net. Image from Shutterstock Spammed PayPal phish email Empty iframe added to phish page Customer signup form billing form Hooking submission of billing form to send data back to attackers Feeding fish. Image from Shutterstock http://nakedsecurity.sophos.com/2013/03/25/monday-review-the-hot-21-stories-of-the-week-4/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/03/25/monday-review-the-hot-21-stories-of-the-week-4/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Mon, 25 Mar 2013 08:32:57 +0000 Anna Brading http://nakedsecurity.sophos.com/?p=221656 ]]> http://nakedsecurity.sophos.com/2013/03/25/monday-review-the-hot-21-stories-of-the-week-4/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 0 Monday review - the hot stories of the week annabrading http://nakedsecurity.sophos.com/2013/03/18/monday-review-the-hot-32-stories-of-the-week/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed http://nakedsecurity.sophos.com/2013/03/18/monday-review-the-hot-32-stories-of-the-week/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed#comments Mon, 18 Mar 2013 08:34:03 +0000 Anna Brading http://nakedsecurity.sophos.com/?p=221054 ]]> http://nakedsecurity.sophos.com/2013/03/18/monday-review-the-hot-32-stories-of-the-week/?utm_source=Naked%2520Security%2520-%2520Feed&utm_medium=feed&utm_content=rss2&utm_campaign=Feed/feed/ 0 Monday review - the hot stories of the week annabrading