About Rodolfo Saccani
CTO and security R&D manager at Libraesva.
Before working in the security field Rodolfo Saccani lived and worked between US and Europe in heterogeneous technical fields: linux embedded systems, experimental avionics, secure telecommunication systems for hostile environments, smartTV, process control and industrial automation, clinical research, SaaS systems.
Rodolfo is also security officer in the Italian free flight organization, as CEN expert writes European norms for the certification of free flight equipment, he has been chairman of the European Safety and Training Committee of the European Hang-gliding and Paragliding Union.
Entries by Rodolfo Saccani
New wave of EXCEL 4.0 malware campaigns abusing FORMULA macro function/in Security Blog/by Rodolfo Saccani
VBA has been introduced in Excel 5.0. Before then Excel only had XLM macros, which are still supported today. XLM macros allow writing code by entering statements directly into cells, just like normal formulas. In fact they are called macro-formulas. In case you are curious, the reference document of the Excel 4.0 macro functions is […]
Email trojan horse: application/html entity/in Security Blog/by Rodolfo Saccani
We just discovered a new trick that is currently being used to slip malicious html files through email security solutions and, in some cases, through antivirus engines. The trick is quite simple: declaring an email entity as “application/html” instead of “text/html”. “application/html” is an invalid type and this allows it to slip through some checks. […]
10 very practical suggestions for choosing an email archiving solution/in Security Blog/by Rodolfo Saccani
What makes a good archiving solution? Count 1 to 10: 1- No vendor lock-in Archiving email is a long term commitment, you need to think long term and make sure that you will be able, in 10 or 20 years from now, to autonomously, easily and reliably make use of your email archive. If […]
Phishing campaign uses Google reCAPTCHA to avoid Sandbox detection/in Security Blog/by Rodolfo Saccani
Recent email phishing campaigns are using Google reCAPTCHA as part of their efforts to bypass click-time protection sandboxing, requiring user interaction before delivering the actual contents of the phishing page. We have seen two different instances of such campaigns, both are targeting Office 365 users in order to collect their credentials. Implementation details suggest that […]
What’s the difference between email backup and email archiving?/in Security Blog/by Rodolfo Saccani
Lots of differences, actually. An email backup is a snapshot of a specific point in time, it’s purpose is for recovery in case of a disaster. Email archiving does not archive a series snapshots but it preserves all data history. The purpose of the archiver is much broader: discovery, compliance, legal, search, analysis and for […]