Monthly Archives: June 2012

The Malware that Wastes Paper

A sign you’ve been hacked: your printer starts spewing printed pages full of junk. This isn’t an economic attack (unless you’ve got a massive color inkjet that costs 0.10/sq foot to run) — it’s a good example of an attacker’s error highlighting the attack. Triggering junk print jobs is a mistake that will get the […]

Extracting SecurID Token Keys

As far as I can tell, a vulnerability in PKCS#11 has allowed researchers to extract keys from certain RSA SecurID tokens, as well as a host of other secure token type devices. It appears even malware infecting a legit user’s computer can get the keys. A key-extraction attack like this allows an attacker to access […]

Trends in Data Breaches (and delays in security)

A good summary of the trends in ways organizations may have let your private data end up in the hands of evildoers recently. – Insider threat is down by a lot. – Physical attacks have decreased too, counter to what I predicted long ago. – Social engineering is increasing, but far outstripped by credential theft. […]

Facebook May Be MITMing Your Email

FYI. Facebook appears to have started replacing publicly-posted email addresses with, so that people trying to email you through your Facebook profile end up sending the messages through their servers. Which sucks. The only thing I ever found Facebook useful for was looking up people’s email address. It does make a lot of sense […]

Older Means Wiser in Computer Security

Older people tend to prioritize computer security more highly, while people aged 18-25 tend to be more overconfident about their security knowledge. Takeaway? Most of the people on this list are around that age bracket. So teach your less security-savvy friends to defend themselves. And brush up on your own knowledge, you probably know less […]

USB Malware Honeypot

Some of the biggest headline-grabbing bits of malware lately have spread via USB flash drives. This is hard to detect with conventional tools. A German student has developed a neat defense against them: a honeypot that plugs in a fake (software-emulated) USB stick every once in a while, and sees what tries to write to […]

Getting Rich in the Age of Internet Warfare

As yesterday’s link pointed out, all public signs point to the next few years being chock-full of various attacks. Malware, social engineering, and a whole lot more. So, what happens when the world wakes up and realizes how vulnerable they are? Consider the linked study by Anderson et al. of costs associated with conventional Internet […]