Praetorian Security Blog

When you're constantly advancing your industry and helping secure today's leading organizations, people notice. Explore our newsroom to learn more about what's happening at Praetorian.



HTC Introduces Massive Privacy Vulnerabilities in Latest Update

Posted by Ryan W. Smith

Researchers at AndroidPolice have reported a massive privacy vulnerability in the latest update to the HTC Android Mobile OS. This vulnerability allows applications that request the permission “android.permission.INTERNET” to access much more than the Internet, including: phone numbers dialed, GPS information, SMS data, account and email information, system logs, a full list of applications installed, and a list of running tasks.


Common Obfuscation Techniques for Modern Browsers

Posted by Paul Jauregui

Praetorian’s newest team member, Daniel Herrera, has been selected to present at this year's LASCON Conference in Austin, TX on Oct 28th. In his LASCON presentation, Daniel will focus on common obfuscation techniques identified in the wild that function in all modern browsers. Each technique will be explained with functional examples demonstrating how and why a particular obfuscated method works.


Visual Analysis GUI for Android Apps (BETA)

Posted by Paul Jauregui

Praetorian’s VP of Engineering, Ryan W Smith, has volunteered over the summer to be a mentor in The Google Summer of Code through The Honeynet Project. Google Summer of Code is a global program that provides stipends for students around the world to work on open source projects for a few months out of the year (the Summer for those in the US).


DARPA Goes Agile with Cyber Fast Track

Posted by Ryan W. Smith

Peiter Zatko, better known among hackers worldwide as “Mudge” from L0pht, announced at BlackHat last week that DARPA has created an agile cyber security program called Cyber Fast Track (CFT). In his new position at DARPA, as the head of the information innovation office, Mudge has created a program that allows independent researchers working on cutting-edge projects to receive DARPA funding without the need to jump through endless hoops and paperwork.


Agile Austin Meeting: Building Security into the Next Iteration

Posted by Paul Jauregui

Praetorian’s Matt Tesauro, OWASP Board Member and WTE Project Lead, will speak at Agile Austin’s next meeting. Using the OWASP Web Test Environment (WTE), he will showcase best practices and demonstrate secure methods for designing and testing your software for ruggedness.


Is this the Golden Age of Hacking or is Pandora’s Box Yet to be Opened?

Posted by Nathan Sportsman

Over the past few months the public has witnessed a string of high-profile breaches. Targeted attacks by state-sponsored organizations, civilian hacktivist groups, and small hacking crews have penetrated the likes of Sony, RSA, Lockheed Martin, Gmail, IMF, PBS, Citibank, and ADP. Story after story has caused cybersecurity to become front of mind (at least temporarily) for many companies, and the public can’t seem to get enough of the online shenanigans.


Building a Basic Fuzzer with GDB: The Five Minute GDB Scripting Tutorial

Posted by Adam Pridgen

A few weeks ago, I built a basic fuzzer in GDB for an iPhone application I was testing and I thought it would be worthwhile to share. Before I get started, I should point out two very useful resources concerning Mac OS X and iOS reversing. First, nemo’s article is a very informative piece that helps shed a little light on how easy it is to reverse engineer Objective-C (Obj-C) code [1]. Then there is another site, “Reverse Engineering Mac OS X”, which offers some useful information and a very handy gdbinitrc script [2].
