Entries by admin

Black Hat USA 2010

Black Hat USA 2010 is the technical security event for members of the security industry to gather and learn about cutting-edge research that addresses the challenges facing today’s senior-level IT professional. This year’s event will be hosted at Caesars Palace in Las Vegas, Nevada, July 24-29th, offering over 70 multi-day training sessions, 32 live tool demonstrations in the new Black Hat Arsenal, and 100+ sessions of presentations from the security industry elite. To learn more and register for the event, visit www.blackhat.com.

Adobe Systems Patches 17 Critical Security Holes

On June 29, Adobe Systems plugged 17 critical security holes affecting Adobe Reader and Acrobat, including a patch for a zero-day vulnerability that impacted many of its other products on multiple operating systems such as Windows, Mac and Linux. The new versions of Acrobat and Reader are 8.2.3 and 9.3.3, but Adobe strongly recommends using the version 9.x products.

Russian Spies used Steganography

The FBI arrested 11 suspected Russian spies for passing U.S. information to Russian spy agents using wireless networking and steganography.

Steganography is the process of writing hidden messages in such a way that no one, apart from the sender and intended recipient, knows of the existence of the message, a form of security through obscurity. The message can be hidden in pictures, text and many different forms.

Ethical Vulnerability Disclosure

The debate on whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period or kept covert until a fix has been implemented has been a big discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions.

Taxonomy of Computer Security

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.

IT Security Audits: A Necessary Evil…

As I prepare to conduct my next IT security audit at a client’s site, I realize some things have not changed in the past few years. The client’s reaction towards the security audit is always amazing the day before the on-site visit as they exhibit a sense of fear. For the most part, it has […]

iPad Security

Apple’s new iPad is set to be released on April 3rd, and SecurityOrb.com, a Washington D.C.-based information security media company, has looked beyond the hype into the possible security matters consumers should be concerned about.

SANS WhatWorks in Virtualization and Cloud Computing Summit with Tom Liston, Washington DC, August 19-20

As security professionals, we work in an environment that never stops changing.  New technologies and innovative new uses for old technologies seem to appear every day.  Unfortunately, along with the benefits that every new technology brings, there are new and novel security challenges that need to be addressed. We’re forced to constantly learn just to […]

(IN)SECURE Magazine Issue 26 released

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Issue 26 has just been released. Download it from: http://www.insecuremag.com

The covered topics include:

– PCI: Security’s lowest common denominator
– Analyzing Flash-based RIA components and discovering vulnerabilities
– Logs: Can we finally tame the beast?
– Launch […]