Earlier this week the folks over at OpenDNS announced a preview release of their new tool DNSCrypt. This is touted as a huge step forward for privacy and security across the Internet. The premise is simple, encrypt all DNS traffic between the user and their recursive resolver. It's a nice idea and all, but I think they missed the mark.
According to OpenDNS, the code is actually the first real-world implementation of the DNSCurve scheme. The stated goals are to provide ...
Last month, Google announced that they were making search more secure for their users. They announced that users already signed in to Google would have a more secure experience. This meant two things: first, search queries and results would now be sent via HTTPS. This protects the searches of users with unsecured Internet connections, such as most WiFi hotspots.
The second part was far more interesting. According to our tests, Google does not include the search terms used to reach websites ...
It seems like Bitcoin is gaining popularity not only in the computing industry but in the threat landscape as well.
We recently reported a couple of attacks involving malware that installs a Bitcoin mining application into systems. Apart from turning systems into unwilling "miners," such malware also disrupt usage since the mining process takes up a great deal of system resources.
In the midst of talks about security issues surrounding Bitcoin, we found some attacks that target Bitcoin users, albeit through different ...
Mass attack by "Soldier" ensnares major U.S. corporations in its net, steals US$3.2 million in six months, causes organizations and individuals to be vulnerable to future attacks; 90+ other countries hit by shrapnel.
For some time now, we've been investigating the operation of a certain cybercriminal—a young man in his early 20s who resides in Russia. During our investigation, we discovered that the attacker uses various criminal toolkits, including SpyEye and ZeuS for crimeware, as well as exploit kits such as ...
In this blog post, we present concrete evidence that the recent compromise of Dutch certification authority DigiNotar was used to spy on Iranian Internet users on a large scale.
We found that Internet users in more than 40 different networks of ISPs and universities in Iran were met with rogue SSL certificates issued by DigiNotar. Even worse, we found evidence that some Iranians who used software designed to circumvent traffic censorship and snooping were not protected against the massive man-in-the-middle attack.
Rogue ...
