382 Computer Security Blog

[382] Macro’d Microphone Malware

Posted on

(I’ve got to stop with this alliteration nonsense.) ArsTechnica reported today on findings by CyberX labs that over 600GB of data was obtained from 70 different targets in varying industries, including “critical infrastructure, news media, and scientific research.” Targets were mostly inside Ukraine, though a small number of targets were from Russia, Austria, and Saudi […]

382 Computer Security Blog

[382] At This Point, It’s Getting Ridiculous

Posted on

I’m always reticent to discuss politically-aligned matters in professionally-oriented spaces like this one. Not because I have any particular aversion to politics (my Twitter and Facebook pages would seem to indicate the exact opposite), but because I generally don’t believe it’s appropriate to discussion subjective matters (like politics) in places where you should be as objective as […]

382 Computer Security Blog

[382] The Rise of Stateless Malware

Posted on

ArsTechnica reported today on a new rash of bank-targeting malware infections which, unlike your average malware, are unique in that they store almost nothing on infected users’ disk drives, instead existing solely in a computer’s RAM. (What they do store in memory is relegated to small powershell commands in the Windows registry.) As a result, they are tremendously difficult […]

382 Computer Security Blog

[382] How Google Mounted a Mirai Resistance

Posted on

Last September, KrebsOnSecurity, the website of prominent security researcher Brian Krebs, found itself on the receiving end of what has been characterised as the largest DDoS ever, orchestrated by targeting a botnet composed millions of IoT (internet-of-things) devices, like Refrigerators and Camera, towards the website. For a time, KrebsOnSecurity lived thanks to pro-bono DDoS protection from Akamai, […]

382 Computer Security Blog

[382] Symantec’s HTTPS Woes

Posted on

HTTPS is the protocol used for secure client-to-server communication over HTTP. It adds in an SSL certificate to every server request, and we validate these certificates by asking certificate authorities (CAs) whether or not they’re legit. (As always, this is a simplification.) For many years, any action on the internet that benefited from privacy — like […]

Snippets

Snippet #1: Cross-Browser Opacity

Posted on

Now for some snippets! Basically, just code that might be handy on a cheat sheet. Nothing complicated. This one will enable proper CSS opacity across all browsers (albeit with some caveats in Internet Explorer, which will behave slightly differently at times): selector { filter: alpha(opacity = 50); /* IE 5.5+ */ -ms-filter: alpha(opacity = 50); […]

Coding Blog

PHP to Parse CSS

Posted on

In a project a started a while ago (…and am likely to never finish, both due to legal restrictions and time constraints), I had to parse a chunk of PHP code and break it down into the individual values. Nothing in PHP can really do this natively, since CSS has to be parsed quite loosely. With […]

Coding Blog

Mobile Support for the Top 1,000,000 Websites

Posted on

This is the program, paper, and presentation that I wrote for my final project in A.P. Statistics, which involved testing whether or not mobile website support had appeared to increase between when I performed my analysis and an earlier analysis by Mongoose Metrics. The Program: Scanning Code The Program: Process Code The Paper Click here […]