Author Archive for Adriano Dias Leite
Infosec Professional, father, restless learner, but above all, a thinker trying to help others by creating standardized solutions for situations and challenges I face on a daily basis. In this blog's case, I try to share a bit of my experience finding Infosec/Risk Management/Compliance jobs locally and abroad.
Targeted Attack Against UAE Activist Utilizes CVE-2013-0422, Drops Malware
Earlier this month, BahrainWatch.org was contacted by an UAE activist, who reported receiving a suspicious email. Upon deeper examination, it was revealed that it was a targeted atttack relying on Java exploit (CVE-2013-0422), which would have dropped a Remote Access Trojan (RAT), if the attack wasn’t detected. The malware was hosted on the isteeler(dot)com domain, [...]
The Eavesdropping System In Your Computer
Dan Farmer has an interesting paper (long version here; short version here) discussing the Baseboard Management Controller on your computer’s motherboard: The BMC is an embedded computer found on most server motherboards made in the last 10 or 15 years. Often running Linux, the BMC’s CPU, memory, storage, and network run independently. It runs Intel’s [...]
Network Forensics Defined?
One of my research projects this quarter will be focused on a really, really exciting subject: network forensics. While we will likely formally define it in the course of our research, I wanted to briefly explore it in this blog post. As I understand it now, “network forensics” today exists at the confluence of several [...]
Making The Case For National Cyber Labs
Recently I received a most interesting link from a friend, about a tiny city that was actually a perfect working model of a real-life city built by the SANS Institute. It had real banking networks, power grid networks, public transit systems, a hospital, a military complex, you name it. It’s a fully decked out city [...]
No Limits—New York Times Hacked By China
A must-read reported by the Times itself: For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that [...]
Remember, Every Jailbreak Is A Security Exploit
See update at the bottom TechHive’s piece on the new iOS 6.1 jailbreak. Only works on the pre-A5 processors, which means the iPhone 4S and iPad 2 and later are safe. The device must be connected to a computer for it to work. This is a tethered jailbreak which means it goes away when the [...]
