Malicious JPEG used to hack network

Security expert and penetration tester Marcus Murray discovered a way to use a malicious JPEG to compromise modern Windows servers and elevate privileges over targeted networks. The researcher demonstrated the attack a few days ago in a live hack for the RSA conference in San Francisco; the hacker used a malicious JPEG to violate

Tor-enabled routers

Ars recently reviewed two “Tor routers”, devices that are supposed to improve your privacy by routing all traffic through the Tor anonymity network. Although the initial release of Anonabox proved woefully insecure, the basic premise itself is flawed. Using these instead of the Tor Browser Bundle is bad: less secure and less private than simply

SCIpher – A Scholarly Message Encoder

Ten years ago, a trio of MIT students created SCIgen, a program that spits out gibberish academic papers that have, improbably, since been published in real journals. Many embarrassing catches later, SCIgen’s creators are back with something even better: SCIpher. SCIpher was born from three things: A desire to exchange secrets in a post-PRISM world

Gentlemen, start your engines

Thieves might be developing ways to steal newer cars that use proximity keys to open the vehicle and start the engine, with motorists overseas being urged to keep their keys in the fridge or freezer. The cold is not the issue, it’s the fact that it’s a big aluminium or steel box. It’s supposed to

The Empire Strikes Back

One of the most active APT groups in Asia, and especially around the South China Sea area, is “Naikon”. Naikon plays a key part in our story, but the focus of this report is on another threat actor entirely; one who came to our attention when they hit back at a Naikon attack.

AV-Comparatives: File Detection Test March 2015

AV-Comparatives: File Detection Test March 2015
AV-Comparatives: File Detection Test March 2015 (chart)
AV-Comparatives: False Alarm Test March 2015
AV-Comparatives: False Alarm Test March 2015 (chart)
AV-Comparatives: RealWorld Protection Test Overview March 2015 (chart)


The Snowden and subsequent revelations have called into question the integrity of some of the implementations of basic cryptographic functions and of the cryptographic devices used to secure applications and communications on the Internet. There are serious questions about algorithms and about implementations of those algorithms in software and particularly in hardware. The algorithmic issues


For a guy so careful about passwords that he’s known to pull a blanket over his head when entering them into his laptop, Snowden’s ironic Tory-fetishizing password advice is far from ideal. Or, do we assume that this is a throwaway example he uses for public display? Assume your adversary is capable of one

BitTorrent and digital fingerprints

The Dallas Buyers Club LLC v iiNet Limited piracy court case raises many questions about what sort of trail people leave when they use technology to make illegal copies of movies and other copyrighted material. The Federal Court of Australia has ruled that iiNet and a number of other internet service providers (ISPs) are required

Lost in the clouds

Everything we do online leaves a trail that leads directly to us; something privacy advocates are fighting to eliminate. However, we’re our own worst enemy when it comes to privacy, and personal cloud adoption has done nothing to help the situation. Each day millions of people across the globe create backups of their files. These

The United States Of Australia

The DEA’s newly revealed bulk collection of billions of American phone records on calls to 116 countries preceded the NSA’s similar program by years and may have even helped to inspire it, as reported in USA Today’s story Wednesday. And the program serves as a reminder that most of the legal battles between government surveillance efforts

One-time Pad

One-time pad (OTP), also called Vernam-cipher or the perfect cipher, is a crypto algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. We can only talk about one-time pad if some important rules are followed. If these rules are applied correctly, the one-time pad can be proven

Which Tor Router?

Anonabox or InvizBox – These devices are, to varying degrees, effective ways to hide from unwanted attention of all sorts. That is, they’ll work short of a state actor looking to use a giant datacenter dedicated to performing all manner of de-anonymizing attacks by using the Tor takeover conspiracy model of the week, zero-day malware, or

How To Make A Secret Phone Call

To show how hard phone privacy can be, one artist examined the CIA, consulted hackers, and went far off the map. Step-by-step, Wallen instructs people in the laborious — and damned near impossible — art of ducking cell phone surveillance. Wallen conjured a clandestine cell phone network that could be used on demand. His step-by-step

Your tax dollars at work

It’s not only digital criminals who like to secretly infect people’s computers with invasive malware. In fact, the FBI likes malware so much, it created its own special brand. We don’t know much about it, but now that the US Department of Justice is pushing for policy changes that will allow the FBI to install