Video: Building Custom Android Malware for Penetration Testing
By Robert Erbes @rr_dot In this presentation, I provide a brief overview of the Android environment and a somewhat philosophical discussion of malware. I also take look at possible Android attacks in order to help you test your organization’s defenses against the increasingly common Bring Your Own Device scenario. http://youtu.be/68D7CjkgYt8
Bleeding Hearts
The Internet is ablaze with talk of the “heartbleed” OpenSSL vulnerability disclosed yesterday (April 7, 2014) here: https://www.openssl.org/news/secadv_20140407.txt While the bug itself is a simple “missing bounds check,” it affects quite a number of high-volume, big business websites. Make no mistake, this bug is BAD. It’s sort of a perfect storm: the bug is in a library used to encrypt sensitive data (OpenSSL), and it allows attackers a peak into a server’s memory, potentially revealing that same sensitive data in the clear. Initially, it was reported…