- Malware Analysis Teaching Malware Analysis and the Expanding Corpus of Knowledge
Malware analysis skills have expanded in complexity as software—benign and malicious—has grown more sophisticated. From a 2.5-hour session in 2001 to a full six-day course with capture-the-flag...
- Malware Researching Scams Helps Understand Human Vulnerabilities
Online scammers exploit predictable human vulnerabilities: starting scams in the physical world, customizing messages with victims' locations, appealing to vanity and self-interest, posing as...
- Social Engineering Looking for Anomalies in Check Overpayment Scam Correspondence
Check overpayment scams convince victims to deposit fraudulent cashier's checks and forward the "extra" funds before the forgery is discovered. Warning signs include strange punctuation, extraneous...
- Encryption How the Digital Certificates Ecosystem is Being Strengthened
Several initiatives are strengthening the digital certificate ecosystem: improved certificate revocation checking, EFF's SSL Observatory for cataloging certificates, Google's Certificate Transparency...
- Encryption How Digital Certificates Are Used and Misused
Digital certificates enable HTTPS communications, software signing, VPNs, and Wi-Fi authentication, but the PKI ecosystem shows weaknesses. Attackers misuse stolen code-signing certificates, CAs...
- Privacy What Happens After You've Set Up Google Inactive Account Manager?
Google's Inactive Account Manager notifies designated contacts after 3+ months of account inactivity, optionally sharing data with them. Google sends multiple alerts before expiration and requires...