badBIOS

I’m reading with interest the assertions and the subsequent scepticism regarding the badBIOS saga. Totally fascinating, if you’re into this stuff.

This is why I love the infosec community. Reputation matters. Results matter. Science ultimately rules, but there is a lot of “gut instinct” and “second nature” involved, too. I

It will be interesting to see how this plays out. 

Likejacking

Sophos Labs has a great post about the Facebook attack they are calling “likejacking”. The way it works, in brief, is that an enticing item shows up on your wall or, even a bit more disturbingly, on any website. You click, and then the attacker cleverly gets you to infect yourself with malware.

One of the key defenses you can take against such attacks, other than to never click any links ever, is to be logged out of Facebook when you visit other websites. You can read a bit more on some of the risks involved with Facebook’s interaction with other websites in this earlier post, and, of course, I always recommend you read my post on how to increase the security of your Facebook activity.