The FORWARD project blog

According to Symantec, China’s hacking scene is growing rapidly, having become second in the world, after the US. Chinese Internet users appear interested in criminal hacking and government spying. “China’s hacking scene is clearly an active one”, “These individuals and groups are known for discovering vulnerabilities, writing exploit code and developing sophisticated hacking techniques” as the report states.

(more…)

Mozilla has released Firefox 3.6.2 almost a week ahead of schedule, after security issues were found in earlier versions. Firefox 3.6.2 was scheduled to launch at 30 of March, but is now available for download. The latest Firefox version fixes a vulnerability that could allow remote code execution attacks. Firefox is the second most popular browser in the web and its usage is between 20% and 32%.

(more…)

Albert Gonzalez is a hacker mastermind who has committed a lot of crimes by stealing credit and debit cards by major US retailers. He has been described as a greed personality motivated by his ego and his thirst for acknowledgment by the public for his computer intrusions. Among his criminal activities he used to exploit a government agency through his cooperation with the U.S. Secret Service providing classified information to his co-conspirators in the credit-card theft cases. (more…)

The  Pwn2Own contest is back this year and is looking the new winner. The competition starts at 24th of March 2010. in Vancouver. The winner is the person that will successfully hack an application or a  platform and the prize will be $100,000 USD and keep the target that exploit.

(more…)

You might have been browsing on the web or doing something else while you where logged into msn and out of nowhere you received a strange message from one of your contact lists containing a strange URL, such as http://your_email.partytimez.info or some kind of zip file. Some of us being unsuspicious might have clicked on it and that’s what in the first placed begun the spreading of the malicious spam.

(more…)

A pair of researchers in RSA 2010 security conference have demonstrated the feasibility of building a botnet using smartphones such as the iPhone or Android-like devices.

Derek Brown and Daniel Tijerina, security researchers with TippingPoint’s Digital Vaccine Group, presented their findings from a research project called MOBOTS: Pocketful of Pwnage, which was designed to show how easy it would be to create a large mobile botnet. (more…)

A vulnerability discovered in the openSSL library could compromise the secrecy of a device’s cryptographic key.

Scientists, from the University of Michigan’s electrical engineering and computer science departments have found a way to extract the private SSL key from a device by creating fluctuations in the power supply and reading the output whilst the device was encrypting data using the private key.

(more…)

Spanish law-enforcement agencies have recently shut down a 12M PC botnet, codenamed Mariposa (spanish for “butterfly”), distributed in more than 190 countries. Considering a typical size of such a malicious coalition at around 5K members, one may put into perspective how much of a security risk a network of millions of infected PCs really is. (more…)