ICSA Labs Security Testing Blog

American Express’ page seems to be defaced – I’m just sayin’

Tonight, one of our friends, Dmitry Bestuzhev, tweeted here https://twitter.com/dimitribest/status/318164212721545216, that American Express appeared to be hacked.

This address, hxxp://expcheckoutinfo.americanexpress.com/business/amex.html, should look something like this (according to yahoo's cache) …

but, instead, it looks like this …

Windows 8

On October 26, 2012, Microsoft released their latest operating system, Windows 8. Along with their many new upgrades and refreshes, one of the features in Windows 8 is the built-in anti-malware protection. Microsoft has included anti-spyware protection with the operating system since Windows Vista. That has now been expanded to include malware protection, not just spyware.  Called Defender, it is Windows 8’s anti-malware solution.  If no active anti-malware software is found, Windows 8 will activate Defender to keep the end user protected.

Mobile App Insecurity

Not that long ago enterprise users did all of their computing work with PCs. Then, the small set of applications utilized each day was largely developed by a few, well-known vendors. Today’s mobile world is much different; there is a much larger set of less recognizable software developers who create mobile apps for enterprises.  

Thoughts about this week’s Java 0-day

A few days ago, the world became aware of the existence of a new Java exploit. (For the technically minded, it’s CVE-2013-0422, and if you want to, you can read about it here ...

A Warning to Parents

This is a personal story, but I decided to post it as a warning to other parents.

Setting the Stage

Why Online Shopping with a Debit Card is a Bad Idea – Part II

A few weeks ago, I had my debit card stolen online, and this was the subject of a previous blog post. The card was canceled and a new one issued, and all seemed well.

Naturally, I’m watching my account closely, and you can imagine my surprise when two more odd-looking transactions appeared last night. One was for $2.50, and the second was for $39.50.  Previously, the merchant was Facebook, but this time the merchant details were cryptic, and certainly rang no bells for me, except alarm bells.

Why Online Shopping with a Debit Card is a Bad Idea – Part I

A couple of weeks ago, I had my debit card stolen. I found out because I logged into my bank account and noticed a pending purchase of $50 from Facebook. Now Facebook is a lot of fun, but I’ve never bought anything from Facebook, and probably never will. Below is what I saw on my account:

As I looked a little more closely, I also noticed, in reverse chronological order,
(1)    another FB transaction for $60.52

Social networks tumbling

Recently, some bad guys found a vulnerability in Tumblr that allowed them to spread, in a worm-like fashion, what they thought was a funny message. Thousands of Tumblr users were affected, and while it probably caused some minor embarrassment to both Tumblr and those who were infected, there are two bigger issues in these days of cloud computing and burgeoning social sites.


This morning, we woke up to find this SMISH (Sms Phish) on my wife’s cell phone…

Given that we don’t have an account with a Federal Credit Union, it was instantly obvious that it was a scam, but we decided to play along.

I called the number, and it was answered by an automated voice mail system, (which in humor is accessible to older geeks, we shall call Eliza… sorry if you don’t get that bit).