- Debriefing on BSidesLondon
It was a long but wonderful day! I woke up very early to catch my train from Brussels to London and arrived just in time. The room was already full of security guys, some well-known faces and new ones.
- BSidesLondon Wrap up – blog.rootshell.be
- BSidesLondon D-Day – blog.rootshell.be
- BSidesLondon: Jedi mindtricks for building application security programs – blog.c22.cc
- Notacon 8: At Least We’re Not Detroit – intrepidusgroup.com
This weekend was Notacon 8, Cleveland, Ohio’s longest running hacker con. Normally I don’t expect a lot of info sec related talks because in years past, Notacon emphasized the creative interpretation of the term hacker.
- Verizon’s DBIR 2011
In other words, most of the damaging, expensive breaches have cheap countermeasures that people just don’t do. Niiiice! On a more serious note, not only were many of the breached organizations ignorant, they were not even close to being PCI DSS compliant.
- Final Report On Pan-European Cyber Security Exercise – enisa.europa.eu
The report underlines the need for more cyber security exercises in the future, increased collaboration between the Member States and the importance of the private sector in ensuring IT security.
- Microsoft Safety Scanner: Free On Demand Safety Scanner – microsoft.com
Microsoft Safety Scanner has been designed with simplicity in mind. The program can be started right after downloading or transferring it to a Windows PC. Only the depth of the scan needs to be selected; everything else is handled automatically by the application.
- State of Software Security Report, Volume 3 – info.veracode.com
Today we’re proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months.
- ClubHack Magazine April 2011 – docs.google.com
ClubHACK has released another version of their magazine. It is the first Indian “Hacking” Magazine. This issue has been dedicated to Mozilla.
- Locks that can re-key themselves? – skullsecurity.org
I was at Rona last week buying a lead/asbestos/mold-rated respirator (don’t ask!), when I took a walk down the lock aisle. I’m tired of all my practice locks and was thinking of picking up something interesting. Then I saw it: a lock that advertised that it could re-key itself to any key. Woah! I had to play with it.
- NSTIC Strategy Released – blogs.cisco.com
Last June, I blogged about a draft of the National Strategy for Trusted Identities in Cyberspace (NSTIC) that had been released for public comment. This past April 15, the finalized NSTIC strategy document was released at an event at the US Chamber of Commerce.
- The Exploit Intelligence Project – goo.gl
I got my slides up early.
- IP address can now pin down your location to within half a mile – usenix.org
In a research paper and technical report presented at the USENIX Networked Systems Design and Implementation (NSDI) conference at the beginning of April, researchers from Northwestern University presented new methods for estimating the exact physical location of an IP address tens or hundreds of times more accurately than previously thought possible.
- Attacking Oracle Web Applications With MetaSploit – slidesha.re/dQvoJP
Oracle talk slides here.