The Kindle Fire HDX is a move away from the traditional Kindle, its a tablet rather than an e-reader. The resolution is 1920 x 1200, which is what you would typically get on a normal PC monitor and even better than a lot of the televisions out-there, AND its HD, High Definition, with a screen that will adjust depending on the amount of sunlight around, a feature ported from the original Kindle. The processor is a fast 2.2 GHz quad-core processor, which again is what you would find in a low end laptop, but it packs a small 2GB of RAM. Now-a-days... 

New Star-Wars trailer is out, and the movie looks like it is going to be a hit. Come on Christmas 2015!  Read More »

A Toxic Hell Stew of Vulnerabilities The above quote was made by Tim Cook at last years Apple developers conference in regards to the Android operating system. He went on to say that 99% of all Mobile Malware was produced for, and operated on Android. Having come from a threat research background I can tell you he is not to far wrong. But…. There are lies, damn lies and then, there are statistics. If you just limit your view to a portion of the statistics you could easily conclude the Android is indeed “a toxic hell stew of vulnerabilities”,... 

Legbacore Presenation The boys Xeno Kovah and Corey Kallenberg, regulars at the major security conferences, gave a presentation at the CanSecWest security conference in Vancouver this past week, on how to hack BIOSes. Xeno and Corey, previously of MITRE (you know the non-profit organization that manages Federally Funded Research and Development Centers (FFRDCs) supporting the DOD, the FAA, the IRS, the DHS, and NIST) fame, have gone out on their own at LegbaCore. Their first major bit of research is a working proof of concept of owning BIOS Chips... 

Dr Kevin Jones & Ben Parish It has been announced today that Airbus Group Innovations has been awarded a major contract by the Defence Science and Technology Laboratory (DSTL), as part of their Cyber Situational Awareness research project. The project goal is to develop and mature a Virtual Cyber Centre of Operations (VCCO), that will allow military decision makers to call on experts anywhere around the world to help deal with cyber situations. The research will assist in the development and design of a next generation Security Operations... 

I currently work for Trend Micro, one of the top three Anti-Virus vendors in the market. In fact in Japan we have something like 70% market share and are also by far the favourite AV product in Germany and Iceland. We fight with McAfee and Symantec for the top positions around the rest of the globe. My background has always been security, but previously it was Security Information and Event Management, known as SIEM, and Security Configuration Management, not so much Malware and Trojans. So, I had to get up to speed. I did do an internal course... 

One of the first Cyber Weapons that has been talked about from any nation was Stuxnet. The Israelis and Americans came out of the closet to admit that they had an active cyber offensive program and that “Yes” they had created Stuxnet to put the Iranian nuclear program behind schedule. What I find interesting about this admission, is not that they admit to having an active cyber offensive program, I expected that, but to admit that you created a cyber weapon, that used several zero day critical vulnerabilities that could be used against... 

In a previous article I explained what an APT looked like. Most organisations I talk to believe they are not likely to be a target of an APT, the logic being that they have nothing of interest that a foreign government would need. It is true certain organisations are more likely to be targeted by a foreign government, other government organisations for example, organisations that make up part of the critical national infrastructure, that would include most banks, oil and energy companies, broadcasters or power generating organisations, however... 

One of the big themes of InfoSec 2013 was APT’s. A number of talks specifically targeted (excuse the pun) this topic. The perception is that APT’s are state sponsored attacks, this perception is driven by the cost and resources required to implement this type of attack. The reality is however that if you have digital assets that are worth going after, you are at risk of this type of attacks. For those not in the specific anti-malware/anti-virus industry the definition of an Advanced Persistent Threat is not entirely clear. From... 

There have been a lot of recent security breaches in cyber land, including LinkedIn, the FBI and more recently Yahoo. The Yahoo breach included over 400,000 usernames and passwords. While this is bad news for Yahoo, it does give us a chance to analysis the passwords from the 400,000 users and see what insights we can derive. Below is an analysis of the Yahoo passwords. The top ten passwords are a list of the usual suspects with “qwerty,”123456” and good old “password” all appearing again. It is good to see password...