The United States National Highway Traffic Safety Administration (NHTSA) is planning to create an official standard for Vehicle-to-Vehicle (V2V) communications and the agency recently published an Advance Notice of Proposed Rulemaking (ANPRM) on V2V—effectively a notice that the standard and a requirement to implement it is on the way—along with a progress report on the development of this new technology.

Why is the US government getting involved in creating new technology standards? It doesn’t believe that the market would agree on a standard itself in a timely fashion if left to its own devices.  “NHTSA...

Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools (which offer very primitive obfuscation), data URIs (where the page content is mostly Base64-encoded), and character escaping are often used. However, recently we have seen a phishing site using the Advanced Encryption Standard (AES).

Figure 1. Page source of phishing site using AES

The page includes a JavaScript AES implementation, which it calls with the embedded password (used to generate the key) and embedded encrypted data (ciphertext). The decrypted phishing content is then dynamically written to the page using document.write().

This process happens almost instantly, so users are unlikely to notice anything unusual. Once decryption is complete, the phishing site is shown as normal.

 ...

Celebrity lures continue in the world of phishing. We have seen several phishing sites in the past that used altered celebrity images to get users’ attention. Today, we have a couple of examples in which phishers continued their celebrity  promotion campaigns with glamour models Martisha and Denise Milani. These phishing sites are typically developed for the purpose of stealing personal information from a large number of these celebrities’ fans.

In one campaign, the phishing page spoofed Facebook’s branding and contained an image of glamour model Martisha along with a message in the Arabic language. This message translates to “Chat with Arab boys and girls on Facebook”. The phishing site gave the impression that the user could get involved in adult chats when they entered their login credentials. In reality, after the user inputted their login credentials, they were redirected to the legitimate Facebook login page while their information was sent to the phishers. The...

Spying and violation of privacy are topics that never seem to be out of the headlines these days. Stories about mobile malware being used by governments and law enforcement agencies to spy on people (Finfish), smartphones coming off the production line with spyware preinstalled (Android.Uupay), or stories about cameras and microphones on smartphones being used for spying are all fairly common. Many spyware programs rely on data gathered from a device’s onboard sensors such as the microphone, camera, GPS etc., however, there is one sensor that has perhaps been overlooked and, unlike...