Internal IT Security Threat

Security administrators should apply the “Defense in Depth” security model when protecting the network. This means network firewalls, IDS, HIDS, host-based firewalls, patch management, security policies and vulnerability scanning.

Black Hat USA 2010

Black Hat USA 2010 is the technical security event for members of the security industry to gather and learn about cutting-edge research that addresses the challenges facing today’s senior-level IT professionals. This year’s event will be hosted at Caesars Palace in Las Vegas, Nevada, July 24-29th, offering over 70 multi-day training sessions, 32 live tool demonstrations in the new Black Hat Arsenal, and 100+ sessions of presentations from the security industry elite. To learn more and register for the event, visit www.blackhat.com.

Adobe Systems Patches 17 Critical Security Holes

On June 29, Adobe Systems plugged 17 critical security holes affecting Adobe Reader and Acrobat including a patch for a zero-day vulnerability that impacted many of their other products, on multiple operating systems such as Windows, Mac and Linux. The new versions of Acrobat and Reader are 8.2.3 and 9.3.3, but Adobe strongly recommends using the version 9.x products.

Russian Spies used Steganography

The FBI arrested 11 suspected Russian spies for passing U.S. information to Russian spy agents using wireless networking and steganography. Steganography is the process of writing hidden messages in such a way that no one, apart from the sender and intended recipient, knows of the existence of the message, a form of security through obscurity. The message can be hidden in pictures, text and many different forms.

Smart Phone Security

A few years ago, there was not a lot of standardization across wireless devices. Differing operating systems, differing implementations of mobile Java, and even varying configurations among devices with the same operating system made it hard to write malicious code that ran on a wide array of devices, Girard said.

Ethical Vulnerability Disclosure

Whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period, or kept covert until a fix has been implemented, has been a big debate in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions.