lost+found: Android, botnets, Top 10, CryptoMan
- A commercial spyware product is now available for Android. While it can't record conversations, it does log the numbers of all incoming and outgoing calls and sends them to a logging server. The malware also continuously records GPS data and captures the content of text messages.
- To infiltrate and counteract modern botnets, it is necessary to understand the protocol between a bot and its C&C server. Researchers have now developed a method that facilitates this task; it has been used, for instance, to expose the communication of the Mega-D botnet.
- The Open Web Application Security Project (OWASP) has published its Top Ten list of vulnerabilities in web applications. Unsurprisingly, the top three positions are held by SQL injections, cross-site scripting and session management flaws. Directly accessing objects within the server structure without authentication, for example by manipulating a URL, comes in fourth place, followed by cross-site request forgeries in fifth place.
- An action figure of crypto guru Bruce Schneier (CryptoMan) is now available to purchase online. The figure comes with a choice of outfits and other options.