Posts

Showing posts from April, 2012

MyAppSecurity's ThreatModeler

MyAppSecurity's ThreatModeler is far more comprehensive than Microsoft's. http://www.myappsecurity.com/threatmodeler/threatmodeler-vs-microsoft-tam/


Some of its features include:

- Attack tree generation, which provides a visual representation of threats for a clearer analysis.
- Automatically identify high value targets to ensure necessary security controls are put in place.
- Centralized threat management to manage threats to your application, infrastructure, mobile devices, web services, etc.
- Design and develop secure applications by enforcing secure architecture guidelines and secure coding standards including code snippets for various technologies.
- Enforce secure deployment by providing secure hardening checklists for infrastructure components such as your database servers, web servers, host systems, etc.

Download it at http://www.myappsecurity.com/ThreatModelerSetup.msi
User Guide: http://www.myappsecurity.com/wp-content/uploads/2011/08/Getting-Started-with-ThreatModeler-A-Step-by-St…

One reason why browser-based exploits win over Antivirus

As is widely known, malware authors can make use of SSL to bypass detection by proxy-based and host-based antivirus when delivering web-based malware. Unlike with HTTP, malware delivered via HTTPS with the aid of an anti-cache control header is never saved to disk (which leaves it undetected by the on-access scanning mechanism of antivirus software) and can be run directly from browser memory.
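
The condition described above can be checked from the defender's side wherever response headers are visible. The following is an added example, not part of the original post: it flags HTTPS responses that carry active content together with anti-cache headers, which are the ones on-access file scanning will not see. The record layout, the content-type list, the choice of directives and the sample log are all assumptions made for illustration.

```python
# Added example (not from the original post). Record fields and sample data are constructed.
ACTIVE_TYPES = {                      # content a browser or plug-in will execute or render
    "application/x-shockwave-flash", "application/java-archive", "application/pdf",
    "application/javascript", "text/javascript", "application/octet-stream",
}
# Directives treated as "anti-cache" here; an assumption, the post names none.
ANTI_CACHE = {"no-store", "no-cache"}


def header(headers, wanted):
    """Case-insensitive header lookup; returns '' when absent."""
    for name, value in headers.items():
        if name.lower() == wanted:
            return value
    return ""


def cache_directives(headers):
    """Lower-cased directive names from Cache-Control and Pragma."""
    raw = header(headers, "cache-control") + "," + header(headers, "pragma")
    return {part.split("=")[0].strip().lower() for part in raw.split(",") if part.strip()}


def memory_only_active_content(record):
    """True when active content arrives over HTTPS with anti-cache headers, so no
    cache file is written and on-access scanning never gets a chance to inspect it."""
    headers = record["headers"]
    ctype = header(headers, "content-type").split(";")[0].strip().lower()
    return (record["scheme"] == "https" and ctype in ACTIVE_TYPES
            and bool(cache_directives(headers) & ANTI_CACHE))


def flagged_urls(log):
    """URLs that need in-memory or in-proxy inspection instead of file scanning."""
    return [r["url"] for r in log if memory_only_active_content(r)]


SAMPLE_LOG = [  # constructed records, e.g. from a TLS-inspecting proxy
    {"scheme": "https", "url": "https://a.example.test/x.swf",
     "headers": {"Content-Type": "application/x-shockwave-flash",
                 "Cache-Control": "no-store, no-cache, max-age=0"}},
    {"scheme": "http", "url": "http://b.example.test/x.swf",
     "headers": {"Content-Type": "application/x-shockwave-flash", "Pragma": "no-cache"}},
    {"scheme": "https", "url": "https://c.example.test/logo.png",
     "headers": {"Content-Type": "image/png", "Cache-Control": "no-store"}},
    {"scheme": "https", "url": "https://d.example.test/doc.pdf",
     "headers": {"Content-Type": "application/pdf", "Cache-Control": "max-age=3600"}},
    {"scheme": "https", "url": "https://e.example.test/app.jar",
     "headers": {"content-type": "Application/Java-Archive; q=1", "PRAGMA": "No-Cache"}},
]

if __name__ == "__main__":
    print(flagged_urls(SAMPLE_LOG))
```

Only the first and last sample records are flagged; the plain-HTTP, image and cacheable-PDF responses still reach disk or carry no active content.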


Anatomy of Mobile Attack

Courtesy of https://viaforensics.com/. These attacks were briefly explained in the author's book, Android Forensics: Investigation, Analysis and Mobile Security for Google Android.

It took until version 11.2 for Adobe Flash Player

It took until version 11.2 for Adobe Flash Player to implement secure automatic updates to prevent users from being exploited.











All previous versions of the Updater program asked the user to install the update manually, which did not always guarantee that the update would actually be installed. It even offered users a "Don't remind me" option. This may explain why Flash exploits have been among the most successful exploits in the black underground.


Past Flash Exploits
http://osvdb.org/search?search%5Bvuln_title%5D=adobe+flash&search%5Btext_type%5D=alltext
| ID | Disc Date | Title |
|---|---|---|
| 80707 | 2012-03-28 | Adobe Flash Player / AIR NetStream Class Unspecified Memory Corruption |
| 80706 | 2012-03-28 | Adobe Flash Player / AIR Unspecified ActiveX Control URL Security Domain Checking Memory Corruption |
| 79817 | 2012-03-05 | Adobe Flash Player Matrix3D Unspecified Memory Corruption |
| 79818 | 2012-03-05 | Adobe Flash Player Unspecified Integer Errors Information Disclosure |
| 79300 | 2012-02-15 | Adobe Flash Player Unspeci… |