This post looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack. While our research on the state of email delivery security indicates that this attack is less pervasive than the TLS downgrade attack discussed in a previous post, it is equally effective at defeating email in-transit encryption. This post explains how this attack works, how it can be mitigated and to what extent it also affects the security of a website.
Follow these ten easy steps to improve your online security and privacy quickly.
Over the last two years, the number of encrypted emails received by Gmail has almost doubled, as I reported earlier on the Google security blog. This very encouraging trend is sadly accompanied with an increase of SMTP TLS downgrade attacks, which prevent encryption of emails in transit as discussed in our research paper on the state of email transport security. This blog post explains how such an attack is performed and why there is no simple “patch” for it.
Phishing is a social-engineering attack where the attacker entice his victims to give-up their credentials for a given website by impersonating it. Believe it or not phishing campaigns are well organized and follow a very strict playbook. This post aim at shedding some light on how phishing campaign works under the hood, showcase which infrastructure phishers use to steal users credentials and provide advice on how to defend against it.
To help Hearthstone players keep track of complex effect outcomes and improve their game play, I created a set cheat sheets. Each sheet cheat provided detailed statistics for a given card that trigger a complex effect such as the piloted shredder “summon a 2-mana cost minion.”
19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.
I am a legend: Hacking Hearthstone with machine learning Defcon talk wrap-up: video and slides available but no tool. Here is why: The video and slides of our talk on how to use machine learning for Hearthstone are finally available for those who couldn’t come to Defcon. In our talk, Celine and I show how […]
This blog post demonstrate how to predict what is in your opponent deck based on what he played earlier in the game using machine learning.
In this post, we will evaluate the mana cost of two cards with unique abilities: Edwin VanCleef and the Twilight drake. We will see that VanCleef is clearly an undervalued card whereas the Twilight drake have a fair price. This is the third post on my serie on how to price Hearthstone cards.