The Bourne Identity

An identification, user detection or, simply, web-tracking, all that means a computation and an installation of a special identificator for each browser visiting a certain site. By and large, initially, it was not designed as a ‘ global evil’ and, as everything else has another ‘ side of a coin’, in other words it was made up to provide a benefit, for example, to allow website owners to distinguish real users from bots, or to give them a possibility to save user’s preferences and use them during the further visits. However, at the same time this option catch promo’s fancy. As you know, cookies are the most popular way to detect users. And they have been being used in advertising since 90s.

Read full article →


Apple forensic: advanced look onto Apple security

Most expert reviews mean physical access to the device, and the expert has two tasks to achieve: retrieve as much information and data as possible and leave as little evidence of such retrieval (artifacts) as possible. The second task is especially important when the results of such forensics are to be presented in court: too many artifacts may impede a follow-up expertize, which is, in turn, may compromise the results of the initial one. In many cases it is impossible to avoid such artifacts; one of attempts to solve this problem is a detailed record of each artifact created on various stages of the investigation.

Read full article →


How to get sensitive data using social networks API?

OSINT

OSINT (Open source intelligence) is a discipline of American Intelligence Service responsible for search, collection, and choice of information from publicly available sources. Social networks are among the largest public information suppliers, because almost all of us have an account (sometimes more than one) in one or more social networks. Here we share the news, private photos, preferences (e.g., when you “like” something or start following some community), friend lists. And we do it of our own free will without thinking of possible consequences. In several articles, we already analyzed the ways of getting the interesting data out from the social networks. Usually it had to be done manually, but for better results, it’s more reasonable to use specific utilities. There are several open source utilities enabling to get user information out of the social networks.

Read full article →


A Detailed Analysis of the First Locking and File Encrypting Ransomware for Android

The phone infection process has nothing unusual compared to the scheme that is already known for Android-based devices. A malicious APK file gets into the phone under the guise of the game called ‘Sex Xonix’, which supposedly gives you an opportunity to look at some naked women. Obviously, there is no way of stumbling upon such ‘treasure’ on Android Market. So it dwells on all sorts of second-class websites with questionable content, which attracts those who ‘like it hot’.

Read full article →


Learning to detect shell codes for ARM platform

Shell codes, what are they and what do they do?

Today we are going to talk about one of the types of malicious instructions exploiting remote software vulnerabilities, particularly memory vulnerabilities. Historically, such sets of instructions are called shell codes. Previously such attacks used to grant access to shell, and somehow it became the custom. Typical memory vulnerabilities exploited by shell codes are, first of all, buffer overrun, stock variables and other structures overrun.

Read full article →


Why do we need ARM on servers?

A small optimized kit of ARM chip commands is perfect for mobile devices. Thanks to lower power consumption, it is very popular today for being used in smartphones and tablets. However, recently there has been a lot of talk about the ARM chips being introduced into the area entirely occupied by Intel — the servers.

Read full article →


Monetizer Trojans

Browser Start Page Modifiers (Trojan.StartPage Family)

One of the best-known and most aggressive members of this family is, undoubtedly, Adware.Webalta.2 (according to Dr.Web’s classification). This piece of work is intended for viral advertising of webalta.ru, a Russian search engine, (we are happy to learn that, by now, this resource has fallen into decay and refuses to find whatsoever :))

Read full article →