Security News

  • Microsoft is spending resources taking down botnets (via HNTV).  I’m happy for this decision, as Microsoft does have the ability to provide a lot of knowledge regarding how botnets misuse their operating systems.
  • Want to hack Android phones?  Just use malicious QR codes (and put them up on posters in various areas; people love clicking on things they shouldn’t), or put out an app which has Internet access permissions and read a lot of HTC logs.  Right now, cell phone security is almost nonexistent.  People assume that they don’t need any kind of security, and that nothing bad could happen—it’s just a phone, right?  An analogy that I saw was that cell phone security is approximately at Windows 98 levels.  As I said, almost nonexistent.
  • What happens when a government designs a Trojan Horse?  Yukabacera at The Daily WTF forums describes the Bundestrojaner.  I have not yet read the Computer Chaos Club’s report (in German), but I look forward to it.  It sounds like the type of thing we should all be afraid of:  when governments build backdoors into applications or try to get their own code in to spy on people, what prevents bad guys (assuming that government officials themselves aren’t bad guys or don’t abuse their power to spy on plumbers) from hijacking that same code?  The existence of a vulnerability is scary enough, and unlike private vulnerabilities, the government may deem this one “necessary,” meaning that people couldn’t remove it.