White Hat Security Archives

White Hat Security

Health Exchanges Need A Fail Whale

October 3, 2013 Paul Roberts

In a blog post on Veracode’s blog today, I write about the problems encountered at government-run online health exchanges that were intended to connect millions to private insurance plans under the Affordable Care Act. The exchanges opened to the public on Tuesday, and they got off to a rocky start, with reports of web sites paralyzed as millions of uninsured Americans logged on to sign up for subsidized health insurance. In some cases, the problems appear to have been caused by “external factors.” New York State’s online health exchange was felled by the weight of more than 10 million requests of dubious origin, The New York Post reported. But other exchanges, including Healthcare.gov the federal government’s main health insurance storefront, which is used by residents or more than half of the states, were victims of their own success: overwhelmed when the doors swung open and millions of eager customers poured […]

New Mobile Malware Taps Ad Networks To Spread

August 13, 2013 Paul Roberts

It was only a couple weeks back that we wrote about new research from the folks at WhiteHat Security that posited a way for mobile ad networks to be gamed and used to distribute malicious code. Now it looks as if the bad guys were one step ahead, as researchers at Palo Alto Networks reveal new type of malicious Android malware that uses mobile ad networks to infect vulnerable devices. Palo Alto described the new, malicious mobile software, dubbed “Dplug,” in a blog post on Monday. The company said the malware authors appear to be leveraging second tier mobile ad networks, mostly in Russia and the former Soviet Republics), to distribute their wares. The Dplug malware takes advantage of the deep integration between mobile applications and mobile advertising networks to gain a foothold on infected devices, then send out messages to premium SMS services to generate money for the fraudsters, according […]

Could Ad Networks Power Massive, Browser-Based Botnets?

July 29, 2013 Paul Roberts

When it comes to security, the web is insecure-by-design. We’ve known that for a long time – what with “man in the middle” attacks like FireSheep, drive-by download attacks and more. The problem has always been how to scale web based attacks. At the end of the day, having an attack web page is great but, like every other website owner, you still have to figure out how to get people to visit your site! Now researchers at WhiteHat security say they’ve found an easy way around the “scale” problem: ad networks. In a presentation at Black Hat this week, Jeremiah Grossman, the CTO of WhiteHat Security, and Matt Johansen, the Manager of Threat Research there, will show how would-be attackers can parlay a small cash outlay into a sizeable browser-based botnet that could be used to send out spam, spread malicious code or launch denial of service attacks on other web […]