Entries by SecurityOrb_Staff

FOSE 2011 Conference & Expo Coming in July – Receive a 20% discount off the full conference rate

The FOSE Conference & Expo is returning to Washington, DC, July 19-21 – are you planning to attend?

If you’ve never been to FOSE before, then make 2011 the year you attend! There’s a reason (several, actually) why it’s the top government IT event in the country. FOSE features a FREE Expo with education sessions and over 400 IT solution providers, including BlackBerry, Canon and Dell. Another excellent reason to attend FOSE: Apple founder Steve Wozniak will be one of this year’s keynote speakers!

HD Moore “Bounty: 30 Exploits, $5,000.00, in 5 weeks”

The Metasploit team is excited to announce a new incentive for community exploit contributions: Cash! Running until July 20th, our Exploit Bounty program will pay out $5,000 in cash awards (in the form of American Express gift cards) to any community member that submits an accepted exploit module for an item from our Top 5 or Top 25 exploit lists. This is our way of saying thanks to the open source exploit development community and encouraging folks who may not have written Metasploit modules before to give it a try.

IT Governance, Risk and Compliance Conference

At ISACA’s IT Governance, Risk and Compliance Conference you will discover how to enhance the value that IT provides your enterprise, and learn how to ensure IT-related risks are managed and how to assure outcomes including performance and compliance.

You will also learn from knowledgeable practitioners and benefit from ISACA’s IT governance frameworks and professional guidance.

The Top 10 Reasons Why You Should Attend Hacker Halted USA 2011

With a comprehensive agenda and an international lineup of speakers, Hacker Halted USA 2011 promises to be the premier information security conference of the year on the East Coast.

The event is being held in Miami for the 3rd year in a row. We expect a strong turnout of information security professionals, and there will be many exhibitors showcasing the latest technologies and tools in information security.

Learn from the likes of Bruce Schneier, Philippe Courtot, George Kurtz, Jeremiah Grossman, Barnaby Jack, Moxie Marlinspike, Charlie Miller, Thomas Roth, Anton Chuvakin and many others among the best brains in the information security space.

Black Hat USA 2011

Black Hat USA is the premier security event where members of the security industry gather to learn from elite security researchers in the field. This year’s event will be hosted at Caesars Palace in Las Vegas, Nevada, July 30-Aug 4, and will offer over 50 multi-day training sessions, 7 Briefings tracks with the latest research, and 2 workshop tracks dedicated to practical application and demonstration of tools.

Black Hat // Webcast 28 – HTTP Parameter Pollution Vulnerabilities in Web Applications

While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. This talk analyzes HTTP Parameter Pollution and presents the first automated system for the detection of HPP flaws in real web applications. We used this system to conduct a large-scale experiment by testing more than 5,000 popular websites and discovering unknown HPP bugs in many important and well-known sites such as Microsoft, Google, VMware and PayPal. In this presentation we will describe the details of the architecture and of the algorithms we implemented to efficiently detect HPP vulnerabilities. We will conclude by discussing the HPP phenomenon and giving suggestions on how to prevent this novel class of injection vulnerabilities in future web applications.

Threat Outbreak Alert: Fake Bin Laden Pictures E-mail Messages on May 13, 2011

Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain pictures of Osama Bin Laden. The text in the e-mail message instructs the recipient to open a .zip attachment to view the pictures. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.

Sourcefire® National Seminar Series

Cyberthreats are evolving. Networks are evolving. And so are your security requirements.

Against a backdrop of cyber opponents who are faster, smarter, more prevalent, more targeted, and more elusive than ever before, how can you protect the growing number and types of operating systems, applications, services and users on your network?