FaceID keeps on getting more and more interesting. According to Vietnamese Security firm Bkav, they were able to unlock the device using a 3D printed mask, hand made prosthetic nose, and 2D printed eyes.  This seems unlikely, especially given what Apple has said previously about testing they did to secure FaceID. What seems more likely […]

So, as people have started turning over stones, looking to see how common these Komodia certificates are, some surprising (and depressing) things are beginning to surface. It does appear that Komodia is behind this. It appears that Komodia uses the same framework for many, many products. Here’s some that have been found so far: Komodia’s […]

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough, they installed a weak certificate into the system in a way that means affected […]

So a bunch of things have come out in the last week that honestly make further discussion about attribution pointless. Once again, we are dealing with things said at conferences or deliberately leaked to the media, but given the sources, we have to at least take them somewhat seriously. North Korean Signals Intelligence (SIGINT) This […]

Here’s my responses to the latest comments on the Sony hack, as presented by Director James Comey at the International Conference of Cyber Security in New York this morning. “The tools in the Sony attack bore striking similarities to a cyber attack the North Koreans conducted in March of last year against South Korean banks […]

Attribution is hard. Out of all the digital forensic disciplines, it is probably the hardest. Digital forensics is nothing like what you see on TV – on so-called cyber-CSI shows, the investigator types in a few magical keystrokes and evidence comes flooding out of the completely unlocked computer. A few more keystrokes and a magical […]

So the FBI has come out and said it. North Korea was behind the Sony hack. With some pretty strongly worded rhetoric, they lay out exactly why they feel confident enough to lay the blame for this criminal act at the doorstep of a foreign nation.  Finally, they express their deep concern about how these […]