Patrick Wardle shows how OS X is also vulnerable to once common Windows attacks.
A few years ago, DLL hijacking on Windows was really hot, despite the fact that the concept had been discussed by none other than the NSA as far back as 1998.
Many applications load dynamic link libraries (DLLs) without specifying a path name to indicate where the library is to be found in the operating system. When such a path name is absent, the operating system looks for the DLL file in a number of well-defined directories. An attacker could thus 'hijack' the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first.
Protocol has all the advantages of email, yet is orders of magnitude more secure.
In the current Internet era sometimes referred to as 'post-Snowden', it is often said that email is broken. After all, a lot of email is still flowing over the Internet unencrypted, and even if encryption is used for email delivery, that still leaves the mail servers as weak points that have access to unencrypted emails.
Using PGP to encrypt emails could solve some of these issues, but PGP leaks some important metadata. Moreover, more than 20 years after PGP was invented and more than 20 months after Snowden started leaking NSA slides, PGP's user base remains extremely small. Most crypto experts agree that it is time for the protocol to die and that they wished they could uninstall it.
Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.
Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago, but which could still be exploited.
In fact, six out of the last eight Patch Tuesdays have included patches that have caused problems for some Windows users.
Microsoft patches .LNK vulnerability after 2010 patch was found to be incomplete.
Mention Stuxnet and you'll have many a security researcher's attention. The worm, which was discovered in 2010, used a number of zero-day vulnerabilities to reach its target: air-gapped Windows PCs at the Natanz nuclear plant in Iran. Most prominent among these was CVE-2010-2568, which allowed an attacker to execute remote code through a specially crafted .LNK file.
The vulnerability could be triggered by plugging an infected USB drive into a vulnerable PC, thus allowing an attacker to bridge air gaps. Researchers from Kaspersky have since found that the same exploit was used by the 'Equation Group' even before Stuxnet.