Web exploits meet steganography

Interesting catch by Sucuri, a website exploit that adds malicious code to the EXIF headers in legitimate images on the compromised host.

Advertisements

Be careful what you wish for

I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it’s important to keep all of them in mind when designing a security system.

—Bruce Schneier, in response to Edward Snowden having a “dead man’s switch” that would release all of the documents he stole if anything happens to him.

New column on Dark Reading

I have a new column/blog on Dark Reading. Or, more accurately, I’ve taken over a column called Sophos Security Insights (previously SophosLabs Insights).

The first post, “Forget Standardization. Embrace BYOD.” went up today. Here’s a sneak peak:

Despite its rocky start, Windows 8 has IT departments salivating over the idea of standardizing on a single platform. It’s a compelling vision: phones, tablets, and workstations all running a single OS and managed through a shared set of native Microsoft tools. Compelling, perhaps, but for most organizations, it ain’t gonna happen.

Read the full post over at Dark Reading or subscribe to the feed.