Clik here to view.
Black Hat 2012 Podcast: Practical Malware Analysis
In our latest M-Unition Podcast, Mandiant’s Kristen Cooper sat down with Michael Sikorski and Andy Honig at Black Hat 2012 in Las Vegas. Sikorski and Honig are co-authors of the recently released...
View ArticleClik here to view.
Interesting article about Tech Time-2-Market & Innovation: Do you buy it?
http://www.vanityfair.com/business/2012/08/microsoft-lost-mojo-steve-ballmer I”d love to hear thoughts and opinions, particularly differing ones… Will the pendulum swing back a bit. Can there be too...
View ArticleClik here to view.
Black Hat Briefings & Exhibits: Day One…
Time for Black Hat again! Day one is almost complete and I’ve seen some big themes. There’s some of the usual. Vulnerability scanning and pen testing are definitely present and the topics of...
View ArticleClik here to view.
A Closer Look at WordPress Password Hashes
Wordpress is one of the most popular open source web applications used by major Fortune 500 companies as well as many independent websites and blogs. Like many web applications, WordPress stores...
View ArticleClik here to view.
Black Hat Day 2 Talk Notes – The Christopher Columbus Rule and DHS
“The Christopher Columbus Rule and DHS” by Mark Weatherford As usual, here is the official abstract… “Never fail to distinguish what’s new, from what’s new to you.” This rule applies to a lot people...
View ArticleClik here to view.
Lifehacking – What It Really Is
Two things made me write this article. The first was a conversation with a friend of mine, Luigi (Thanks Luigi!) The second was a conversation I had with a woman last night. She disagreed with the......
View ArticleClik here to view.
More (OSX)Morcut: still not a (OSX)Crisis
Graham Cluley’s blog Mac malware spies on infected users through video and audio capture adds significantly to our knowledge of what behaviour the malware is meant to monitor, including IM...
View ArticleClik here to view.
Podcast: The Evolution of the Black Hat Conference
In the midst of one of the largest cybersecurity conferences this year, Mandiant’s Kristen Cooper sat down with Richard Bejtlich to discuss this year’s Black Hat Conference. Bejtlich reflects on the...
View ArticleClik here to view.
Announcing the availability of ModSecurity extension for IIS
This blog post has also been posted on the Microsoft Security Research and Defense site: By: Greg Wroblewski, Microsoft Security Engineering Center Ryan Barnett, Trustwave SpiderLabs Vulnerabilities...
View ArticleClik here to view.
OMG WE NEED THOSE STINKING BADGES
Game over. Mind blown.For many years now, the "badges" for the Defcon annual hacker party (15,000 this year) have consisted of circuit boards, with tiny micro-controllers that hackers can, well, hack....
View ArticleClik here to view.
WordPress and Server Hardening – Taking Security to Another Level
The biggest problem today with most content management systems (CMS) and web applications is the adoption of what we call the “Win95 security model”. Do you remember the Windows 95 security model? With...
View ArticleClik here to view.
command shift x
Apple doesn’t seem able or willing (I don’t know) how to fix the issue with command shift 1 so I may have to choose a new keyboard shortcut but here is the left hand of the keyboard (the right hand is...
View ArticleClik here to view.
Confessions of Commercial WAF Vendor
Yesterday at Black Hat Ivan Ristic gave a talk on WAF evasion. Ivan began his talk by correctly noting that WAFs are an essential part of an appsec strategy. With the growth apps and their increasing...
View ArticleClik here to view.
Unsafe at any speed – Enterprises still misunderstand software quality
Remember when slow and steady won the race? Those days are over, if you're in enterprise IT, or more specifically software delivery. Today slow and steady gets you a pink slip and the goals is...
View ArticleClik here to view.
BYOD–is it Good, Bad or Ugly from the User Viewpoint?
Bring your own device--or BYOD --is a tech trend that is changing the way many organizations manage technology. In previous posts, we’ve shared some background on our Trust in Computing Research...
View ArticleClik here to view.
284 More Password Hashes Dumped
There are three new relatively small password hash dumps that we discovered over on OZDC.net yesterday. Of course many of the records also contained other interesting data such as phone numbers, email...
View ArticleClik here to view.
Black Hat Day 2 Talk Notes – Hacking the Corporate Mind
“Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance” by James Philput As usual, here is the official abstract… Network defenders face a wide...
View ArticleClik here to view.
InfoSec Daily Podcast Episode 726
Episode 726 - Skype, BlackOut, StepUp, AC-NG, and Charlie Miller strikes again
View ArticleClik here to view.
New Mac malware spies on you via Adium, Firefox, Safari, Skype
A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. It then spies on the user by monitoring Adium, Firefox, Microsoft Messenger, Safari, and Skype.
View ArticleClik here to view.
Fake IRS emails
I have seen two, one pretending to be from alerts@irs.gov, the other pretending to be from noreply@irs.gov. They are, of course, fake, which is obvious when you hover over the hyperlinks.
View Article