What Is A QuantumInsert Exploit

QuantumInsert is an NSA attack described in the Snowden documents. A QuantumInsert is a sophisticated type of Man-In-The-Middle attack. The NSA uses secret servers strategically placed on the internet backbone, codenamed Quantum. These servers intercept traffic to well-known web sites like Google, Yahoo, LinkedIn, Facebook and so forth. The Quantum servers are placed in places…

What is FoxAcid

The following is a description of one of the NSAs cyber-attack methods revealed on the Snowden documents. FoxAcid is a system designed by the NSA capable of launching a variety of attacks at target computers. The NSA refers to this as an “exploit orchestrator”. It is a Windows 2003 server loaded with PERL scripts and…

Man In The Middle (MITM) Attacks

A Man-in-the-Middle attack is a cyber-attack where an intruder injects themselves in the middle of the communication between two parties. The intruder pretends to be both parties. Let us imagine that John is talking to Mary over the phone. Frank listens in by capturing John’s side of the conversation then forwarding it to Mary. He…

Stuxnet Virus Goes Interstellar

A Russian cosmonaut brought a USB drive to space and unknowingly infected the space station with the Stuxnet virus. The news of the infection was released by Eugene Kaspersky, founder of Kaspersky Labs. Kaspersky Labs is one of the world’s largest anti-malware and information security companies. Kaspersky spoke to reporters in Australia saying, “The space…

FBI Needs Help

The FBI needs help prosecuting Vladimir Tsastsin. Just over a year ago Tsastsin and six of his cohorts were arrested in Estonia charged with running a click fraud scheme that infected more than four million computers in over 100 countries — an estimated 500,000 of those PCs in the United States.  The defendants are suspected of using…

New PCI Data Security Standards

Version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) goes into effect on January 1, 2014. That is only 45 days from today. The PCI SSC published the 3.0 standards in their document library on Thursday. The changes are suppose to allow for more flexibility, with an increased focus…

Cyber Security For The Boss

On December 10th from 8:30 a.m. to 4:30 p.m. the University of Houston-Clear Lake’s Cyber Security Institute will present “Cyber Security For Decision Makers: A Non-Technical Presentation”. The one day conference will take place at the NASA Johnson Space Center Gilruth Center. Cyber Security Institute Executive Director T. Andrew Yang said “This daylong presentation will provide…

Loverspy Creator Makes FBI Most wanted

The FBI alleges that Carlos Enrique Perez-Melara is the creator of a spyware called “Loverspy”. The offense occurred in 2005. This week he was added to the FBI Cyber’s Most Wanted List. Perez was placed on the list because the FBI have been unable to track him down. Loverspy was advertised as software that can…

Browser Security

After email the most common source of Malware infections is through your internet browser. So securing your browser is a great way to defend against Malware and protect your privacy. This is the first in a series of tips to help our readers protect themselves. This first tip will focus on general practices. Subsequent tips…

Malware That Downloads Malware

The Microsoft Malware Protection Center (MMPC) reports a rise in the spread of the Win/32.Upatre Trojan. Upatre is spread via email attachment. Once it has infected a machine its purpose is to download further malware. The chart below shows the uptake in Upatre infections. The most commonly downloaded Malware by Upatre is Win32/Zbot.gen!AM which steals…