Security News #0x60
- Veil payloads are designed to evade anti-virus, but it is somewhat difficult to verify this. Before Christmas, Chris Truncer announced a way to check Veil payloads against VirusTotal without sending along a sample of the crafted malware.
- If you want to learn more about how to break into a system, you definitely want to head over to Techorganic and read about the De-ICE hacking challenge. This is a great example of problem solving in action and well worth your time.
- If you have had a good course in cryptography, you probably also want to take a look at Ari’s Blog, where he provides some background on elliptic curve cryptography, and explain in principle how you could back door such a system, as has been alleged for Dual_EC_DRBG.
- It looks like many SOHO routers may have backdoors. You may want to run that nmap scan on your own gear, just to be sure that you know what is running on your own network!
- The www.openssl.org site was attacked last weekend. The defaced home page has been archived. Later in the week, there was some hullabaloo as to how the server was compromised; you may want to look over at Ars Technica for their coverage.
- The Snapchat user database was recently exposed; ironically this appears to have occurred after they were notified that this was possible and they dismissed these claims as unfounded. Ouch. The summary over at NakedSecurity is worth a read.