Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Separating Fact From Hype On Mobile Malware 46

wiredmikey writes with this quote from an article about determining whether the recent doom-and-gloom reports about malware on mobile devices are justified: "As twilight approaches for 2011, security vendors have set their gaze on the rise of Android malware during the year and what is ahead. Last week, Juniper Networks entered the fray, declaring the number of malware samples it observed targeting devices running Google Android had shot up nearly 500 percent since July. Today, McAfee released its threats report for the third quarter of the year, which found that the amount of malware targeting Android devices jumped 37 percent since the second quarter. While there is no doubt the amount of malicious programs with Windows in their bull's eye dwarfs the amount of threats to mobile devices, the focus on Android malware have left some wondering how to separate fact from hype."

Fox-IT Completes the Picture On the Factored RSA-512 Keys 38

An anonymous reader sends in this excerpt from the Fox-IT blog: "During recent weeks we have observed several interesting publications which have a direct relation to an investigation we worked on recently. On one hand there was a Certificate Authority being revoked by Mozilla, Microsoft and Google (Chrome), on the other hand there was the disclosure of a malware attack by Mikko Hypponen (FSecure) using a government issued certificate signed by the same Certificate Authority. That case, however, is not self-contained, and a whole range of malicious software had been signed with valid certificates. The malicious software involved was used in targeted attacks focused on governments, political organizations and the defense industry. The big question is, of course, what happened, and how did the attackers obtain access to these certificates? We will explain here in detail how the attackers have used known techniques to bypass the Microsoft Windows code signing security model."

No problem is so formidable that you can't just walk away from it. -- C. Schulz