http://www.secureworks.com/research/blog Information security analysis and commentary from the research team at SecureWorks. http://www.secureworks.com/research/blog/index.php/2009/01/04/chinese-hackers-talk-hacking Zhong guo hei ke tan hei ke, or 'Chinese Hackers Talk Hacker,' was an information security conference held earlier this year in Beijing, China. Sponsored by Yesky, a popular Chinese electronics e-retailer, the event drew around 80 attendees, most of which were hackers that had previously communicated entirely over the internet. http://www.secureworks.com/research/blog/index.php/2009/01/04/chinese-hackers-talk-hacking http://www.secureworks.com/research/blog/index.php/2008/12/22/ie-users-beware On December 9, 2008, a "weaponized" zero-day exploit for a previously undisclosed vulnerability in Microsoft Internet Explorer 7 was discovered in the wild being used by Chinese hackers to install malware on victims' computers. The exploit was based on a proof-of-concept that was posted on a Chinese forum early in November of 2008, and coincidentally, launched on the same day as Microsoft's last batch of security patches for the year. http://www.secureworks.com/research/blog/index.php/2008/12/22/ie-users-beware http://www.secureworks.com/research/blog/index.php/2008/12/12/ftc-takes-on-antivirus-xp Early last week the FTC took aim at Antivirus XP and the people behind it. Antivirus XP is a well known scam, that SecureWorks has investigated previously. The FTC sought and was granted a temporary restraining order (TRO) that requires the entities and people behind Antivirus XP to stop claiming they are preforming AV scanning, concealing their identities (including to cease use of any domains registered using false information), and to not spend, hide or transfer any of their ill-gotten gains. http://www.secureworks.com/research/blog/index.php/2008/12/12/ftc-takes-on-antivirus-xp http://www.secureworks.com/research/blog/index.php/2008/11/18/first-atrivo-now-mccolo Security researchers have had a number of victories to celebrate recently. First Atrivo and now McColo have been disconnected from the Internet. This was done not by law enforcement or other governmental action, but rather by the concerted efforts of the Internet community. http://www.secureworks.com/research/blog/index.php/2008/11/18/first-atrivo-now-mccolo http://www.secureworks.com/research/blog/index.php/2008/11/03/tracking-gimmiv On October 23, 2008, Microsoft released an out-of-cycle emergency patch for a flaw in the Windows RPC code. The reason for this unusual occurance was the discovery of a "zero-day" exploit being used in the wild by a worm (or trojan, depending on how you look at it). The announcement of a new remote exploit for unpatched Windows systems always raises tension levels among network administrators. The fact that this one was already being used by a worm evoked flashbacks of Blaster and Sasser and other previous threats that severely impacted the networked world. http://www.secureworks.com/research/blog/index.php/2008/11/03/tracking-gimmiv http://www.secureworks.com/research/blog/index.php/2008/11/03/beginning-of-the-end-for-estdomains http://www.secureworks.com/research/blog/index.php/2008/11/03/beginning-of-the-end-for-estdomains http://www.secureworks.com/research/blog/index.php/2008/10/21/darkmarket-fbi-sting-closes-e-doors DarkMarket.ws (known in carding, identity theft, and other black-hat rings) went "Dark" earlier this month. DarkMarket was widely known and respected among criminals as a forum for exchanging stolen banking data, credit card information, and other underground activities. What users of the site didn't know was that the site wasn't really hosted by Eastern-European hackers. http://www.secureworks.com/research/blog/index.php/2008/10/21/darkmarket-fbi-sting-closes-e-doors http://www.secureworks.com/research/blog/index.php/2008/10/10/clickjacking-attacks ClickJacking has recently been getting lots of media attention. Security Researchers Robert Hansen ("RSnake") and Jeremiah Grossman planned to give a talk outlining this vulnerability at OWASP AppSec, but the talk was cancelled. At this point, some details have come to light. http://www.secureworks.com/research/blog/index.php/2008/10/10/clickjacking-attacks http://www.secureworks.com/research/blog/index.php/2008/10/01/toorcon-report http://www.secureworks.com/research/blog/index.php/2008/10/01/toorcon-report http://www.secureworks.com/research/blog/index.php/2008/09/23/speaking-at-toorcon-this-weekend I have the honor of presenting at ToorCon X this coming weekend at the San Diego Convention Center. I will be delivering a new talk entitled âLoaded Dice: SSH Key Exchange & the OpenSSL PRNG Vulnâ at 2pm PDT on Saturday, September 27. http://www.secureworks.com/research/blog/index.php/2008/09/23/speaking-at-toorcon-this-weekend