David Litchfield’s company, NGSS (Next Generation Security Software) is being acquired by NCC Group for up to 10 million in cash! The press release can be read on NCC Group’s investor page, in a post titled ‘Third leading security and testing operation acquired’.

Yoggie Security Systems has launched open source models of their Pico and SOHO firewall products. The Pico is a USB key, which replaces OS network drivers and reroutes wired and wireless traffic through the device. The SOHO can be used in the same manner, but it can also be inline since it has two Ethernet [...]

The Security Bloggers Network has moved from FeedBurner to Lijit. The new homepage for the Security Bloggers Network is now online, and the global feed is also working. If you are curious whether any blogs got dropped in the move, you can compare the FeedBurner SBN opml to the current Lijit SBN opml. We are [...]

Microsoft had another BlueHat conference last month, and they recently posted some videos and interviews on the TechNet BlueHat v8: C3P0wned page. Only the keynote from day one was captured on video, but all of day two was captured. Many interviews were captured through, to give us some idea of what they were talking about. [...]

The presentations from last month’s Virus Bulletin conference in Ottawa is now online. Keynote address The AV industry: quo vadis? by Alex Eckelberry Corporate stream The malware business by David Emm Stormy weather: a quantitative assessment of the Storm web threat in 2007 by Anthony Arrott Intentions of capitalistic malware by Gunter Ollmann and Holly [...]

The latest Microsoft Security Intelligence Report (SIR) is now out. The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services [...]

Last month the Black Hat folks had their annual Japan conference. There were a few overlapping talks from the Black Hat USA 2008 conference, but also new presentations from the locals. The presentations are now online at the Black Hat Japan 2008 archives, and direct links are below. Enjoy! Black Ops of DNS 2008: Its [...]

A critical update to Adobe Reader 8.1.2 and Acrobat 8.1.2 has been released to address a remote exploit vulnerability. Version 9 of these products are not vulnerable. The advisory from Core Security notes that there is a stack buffer overflow when parsing PDF files, and the flaw could be exploited if a user is tricked [...]

The presentations from Hack in the Box Malaysia are now online and available to download on the HITBSecConf2008 Malaysia Conference page. All the presentations are in one directory, so it is easy download them all with something like wget or httrack. But for those that like direct links from this site, here they are: Keynotes [...]

The number of information security events in North America is finally slowing down. This month there are only two events going on: Information Security Decisions Conference: November 5-6 CSI 2008: November 15-21 But there are a ton of other information security events around the world going on: OWASP EU Summit 2008: November 4-7 in Portugal [...]