So, as people have started turning over stones, looking to see how common these Komodia certificates are, some surprising (and depressing) things are beginning to surface. It does appear that Komodia is behind this. It appears that Komodia uses the same framework for many, many products. Here are some that have been found so far: Komodia’s […]

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough, they installed a weak certificate into the system in a way that means affected […]

So a bunch of things have come out in the last week that honestly make further discussion about attribution pointless. Once again, we are dealing with things said at conferences or deliberately leaked to the media, but given the sources, we have to at least take them somewhat seriously. North Korean Signals Intelligence (SIGINT) This […]

Here are my responses to the latest comments on the Sony hack, as presented by Director James Comey at the International Conference of Cyber Security in New York this morning. “The tools in the Sony attack bore striking similarities to a cyber attack the North Koreans conducted in March of last year against South Korean banks […]

Attribution is hard. Out of all the digital forensic disciplines, it is probably the hardest. Digital forensics is nothing like what you see on TV – on so-called cyber-CSI shows, the investigator types in a few magical keystrokes and evidence comes flooding out of the completely unlocked computer. A few more keystrokes and a magical […]

So the FBI has come out and said it. North Korea was behind the Sony hack. With some pretty strongly worded rhetoric, they lay out exactly why they feel confident enough to lay the blame for this criminal act at the doorstep of a foreign nation. Finally, they express their deep concern about how these […]

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why: 1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”, i.e. it reads to me like an English speaker pretending […]