Yesterday was the USENIX Workshop on Hot Topics in Security. We weren’t able to attend this workshop, but the presentations are now online. Here are some Workshop on Hot Topics in Security presentations that sound interesting to us: Towards Application Security on Untrusted Operating Systems by Dan R.K. Ports and Tal Garfinkel Digital Objects as [...]

This is the week of USENIX, as they have several security related workshops, and their annual  Security Symposium. On Monday, there was the Workshop on Offensive Technologies, and I was lucky enough to get invited to the workshop. Paul Vixie started the event by talking about the DNS cache poisoning vulnerability. He didn’t talk about [...]

A couple weeks ago, Jeremiah Grossman put together a survey for web application security professionals, and now the results are posted. There were 17 questions, ranging from your general background to rating web vulnerability scanners. There were some funny questions like the HackerSafe one… Safe from Hackers, Safe for Hackers, or Other? Jeremiah also posted [...]

The three day Symposium On Usable Privacy and Security finished today. We were not able to attend this event, but from the program information, there was some interesting research on usability revealed during the symposium. The majority of the research papers and slides are now online for your viewing. One of the most talked about [...]

Now that public exploits are available for the DNS cache poisoning attack, now is good time to patch your DNS servers if you haven’t already. Some new tools also came out to test if your DNS server is vulnerable to DNS cache poisoning. The web-based DNS randomness test by DNS-OARC is very good, and it [...]

Similar to yesterday’s HOPE Carnival post, here is a carnival of interesting things said about The Last HOPE conference on twitter. crackhead : Domino’s Pizza has the largest consumer db of all, and they sell it. Nearly all law enforcement agencies have purchased it. blogstar : RABBI – Relationship and Activity Analysis and Behaviour Informant. [...]

I wasn’t able to attend The Last HOPE conference, so instead I will run a carnival of all the interesting things from The Last HOPE that I find. the trackable last hope conference badge wikiscanner 2.0 the impossibility of hardware obfuscation Hacking Medeco locks For the love of lock picking Hacking with no technology Tracking [...]

The Princeton/Wind River/EFF team just released their memory research tools at The Last HOPE conference. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There’s also efi_memimage which [...]

The Last HOPE conference starts today, and for those that aren’t able to physically attend, here are a few ways to virtually attend. HOPE Radio – Listen to the live audio stream of The Last HOPE Monitor #thelasthope twitter posts via Hashtags or TweetScan Update: amazonv and quine are doing an awesome job of posting [...]

Just two weeks ago, Mozilla released a security update for their Firefox web browser, and today they are releasing another security update to fix 3 security vulnerabilities. All of the vulnerabilities were marked critical. MFSA 2008-36 – Crash with malformed GIF file on Mac OS X MFSA 2008-35 – Command-line URLs launch multiple tabs when [...]