How to Automatically Scan Multiple Files with Multiple Antiviruses

Recently, I’ve been working on a project where I needed to scan a large number of .apk files for potential malware or malicious intent. Given the fact that antiviruses produce many false positives, it would be better for me to scan the files by using more than one antivirus. During a discussion with a colleague, he mentioned the VirusTotal service. VirusTotal is a free service in which a web user can scan files and URLs to see if they are related to any kind of malicious behavior (viruses, worms, Trojans, etc.). To do so, it uses 55 different antiviruses and 61 scan engines. Using it is pretty straightforward: users upload a file and when the engines finish their analysis the results are displayed. Continue reading

Measuring the Occurrence of Security Bugs through Software Evolution – Part 2

Given the fact that security bugs are critical, one of the basic pursuits in every new software release should be to mitigate such bugs. In essence, security bugs should decrease as a project evolves. In a previous post I described how I measured the occurrence of security bugs through time and observed that security bugs actually increase as projects evolve. However, the corresponding experiment involved only four projects.
Continue reading

Querying Hacking Incidents with Style (Python)

Some months ago I attended a presentation where one of my colleagues, Panos, showed how he used Python to process data in a meaningful way. In particular, he showed how he extracted some interesting findings from a .csv file coming from the Boston Mayor’s 24 Hour Constituent Service web site. Such findings involved incidents that were still open by then, how many incidents were closed in a justifiable amount of time and others. Continue reading

Using Search Engines to Uncover Sensitive Data on the Web

Search engines are powerful tools that can really help you with your work. Apart from finding useful resources and interesting articles, a search engine can be used for other practical purposes. Specifically, if you don’t know which word to use exactly in the phrase you are writing down, or if you do not remember how to spell it, you can use a search engine to find an answer. You can also search for specific terms within a web page and make sure if they exist or not. Continue reading

How to Hack a Sketchy e-voting System

The quintessence of an e-voting transaction is to be secure. In the e-voting context, security issues are very subtle. This is because there are features that clash with each other. For example, guaranteeing anonymity makes it harder to track election fraud. In addition, security in e-voting is highly related to the type of the technology used during the process. In distance e-voting, the voter can cast his vote from his personal computer by sending it to a central server via the Internet. The electronic, network-based nature of the latter makes it susceptible to a wide range of attacks. Continue reading