Here is what's going on this month in the information security space: The Last HOPE: July 18 - 20 Symposium on Usable Privacy and Security: July 23 - 25 USENIX Workshop on Offensive Technologies (WOOT): July 28 Workshop on Cyber Security Experimentation and Test (CSET): July 28 USENIX Workshop on Hot Topics in Security (HotSec): [...]
This post officially kicks off the project to identify information security resources in the cities we live in. Why do this? Why not do it? There is no resource that lists the various information security groups, meet-ups, and conferences in one place, and I think it would be very beneficial to have one. We already [...]
I've been to seven other Black Hat events starting around the year 2000. So what makes me keep coming back? Here are my top 5 reasons to attend Black Hat USA.
Normally I do not get the USA Today newspaper, but I happen to be on travel this week, and the hotel gives them to me. So what do I see in the Money section? I know her.. that's Window Snyder! The USA Today article is called 'Geek girl' helps keep Mozilla safe in scary times. [...]
The blog-o-sphere has been buzzing about the popular wordpress blogging platform getting hacked and their sites being redirected to anyresults.net. Via Donncha O Caoimh's blog: Remember a few weeks ago there was all that noise about WordPress blogs getting hacked? Remember how everyone was urged to upgrade their blogs. You did upgrade didn’t you? No? [...]
Apple just released a security configuration guide to their latest operating system version 10.5 codename Leopard. The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X [...]
Last week SANS held two WhatWorks summits in Las Vegas. One covered penetration testing and ethical hacking, and the other covered web application security. Jeremiah Grossman was the keynote speaker for the web application security summit, and he posted his post-summit thoughts on his blog. The format favored enterprise speakers rather than experts, which [...]
The 2008 ShmooCon videos and presentations are now online! Do note that some of the videos are named incorrectly, but the folks at room362 mapped the proper videos to presentations. It looks like there were lots of interesting presentations at this year's ShmooCon, and I'm looking forward to reviewing the material. Some presentations that are [...]
Here is a list of new security tools that were released in the past week. SQL Ninja 0.2.3 - SQL server injection and takeover tool fgdump 2.1.0 - Tool for mass password auditing of windows systems AxBan 1.0.0.4 - ActiveX killbit program Nmap 4.65 - Network port scanner Nessus 3.2.1 - Vulnerability assessment tool Immunity [...]
Skype recently released an update to their Windows client to fix a major security issue. The Skype advisory is SB/2008-003: Skype File URI Security Bypass Code Execution Vulnerability. The latest Skype for Windows client is now 3.8.0.139. There are some more details of the vulnerability on the iDefense Labs advisory page. II. DESCRIPTION Remote exploitation [...]