The presentations from ToorCon X are now available to download on the ToorCon X Conference page. Below are direct links to the presentations. Hour Presentations Black Ops of DNS 2008: Its The End Of The Cache As We Know It by Dan Kaminsky How To Impress Girls With Browser Memory Protection Bypasses by Alexander Sotirov [...]

Starting this month, Microsoft will be providing exploitability information about their patches to everyone. The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft [...]

There have been lots of buzz recently on new Elcomsoft software that utilizes Nvidia GPUs to crack WPA and WPA2 keys. The use of Nvidia GPUs result in cracking the keys 100 times faster! Lots of media picked up on this story, from Slashdot to Gizmodo to The Register. Unfortunately, none of the reporters did [...]

NIST continues to release good guidelines on security. Within the last month, they released three new special publications, and updated three special publications. New Releases SP 800-115 – Technical Guide to Information Security Testing and Assessment SP 800-121 – Guide to Bluetooth Security SP 800-124 – Guidelines on Cell Phone and PDA Security Updated SP [...]

For those that weren’t able to attend the OWASP NYC Appsec 2008 Conference, the video from all the presentations are now online! Intro OWASP 3.0 – Who We Are And How We Got Here by The OWASP Foundation Track 1 Analysis Of The Web Hacking Incident Database by Ofer Shezaf HTTP Bot Research by Steven [...]

This year we weren’t able to attend the annual OWASP AppSec conference. But Josh from the Web Admin Blog attended and did an amazing job at live blogging the event. Here are links to his various posts from the conference: Day 1 Keynote – OWASP AppSec NYC 2008 Web Application Security Roadmap OWASP Google Hacking [...]

Last week was the Integrated Cyber Exercise (ICE) ran by White Wolf Security. The game consisted of three teams that either attack (Red Cell), defend (Blue Cell), or observe. The Blue Cell were responsible for keeping their network alive and functional, and the Red Cell were responsible for attacking the Blue Cell network. Here are [...]

When using a Hotel’s network, do you ever wonder how safe you are when connected to it? In a recent study from the Cornell University School of Hotel Administration, they found that most hotels are not secured properly. The paper called Hotel Network Security: A Study of Computer Networks in U.S. Hotels (registration required) shows [...]

As many of you have noticed, our information security events calendar only covers events held in North America. But information security is not an issue only in North America, but everywhere around the world. We have noticed an increase of good security events outside North America, so we decided to create another google shared calendar. [...]

Here is a list of events going on this month in the information security space. Virus Bulletin 2008: October 1-3 SecTor 2008: October 7-8 Malware 2008: October 7-8 Day-Con II: October 10-12 eCrime Research Summit: October 15-16 Phreaknic 12: October 24-25 Techno Forensics Conference 2008: October 27-29 ChicagoCon 2008f: October 27-November 1 NYS Cyber Security [...]