Today at the Claremont Resort in Berkeley California, I attended the Web 2.0 Security and Privacy workshop. It was was sponsored by IEEE, whom just finished their Symposium on Security and Privacy yesterday. The papers for the Web 2.0 Security and Privacy workshop are now available, and can be found on the program page. Presentations [...]
This post was guest blogged by Tom of spylogic.net. If you are in the Cleveland, Ohio area and a security professional be sure to check out the other security bloggers that are located in our area: Security Second Thoughts The Security Shoggoth Securi-D Even if you are not from Cleveland, check them out! Matt and [...]
Today I noticed a ton of duplicate content on various blogs. My first thought was they were all hacked, but the content pages weren't malicious at all. I then noticed that all the blogs that were effected were hosted blogs at wordpress.com! Somehow, all the feeds were now pointing to http://en.blog.wordpress.com/feed/. Below are a couple [...]
Yesterday Tenable Network Security announced an update to their subscription model for their very popular vulnerability scanner Nessus. The bottom line is that as of July 31st 2008, any commercial use of the application will require a paid subscription. A small bit of good news is that it will still be free for home use [...]
Jeremiah Grossman recently did a short podcast on Help Net Security on his top security conferences. He didn't name one as the best, because each conference caters to all different sorts of people. Some are highly technical, some are more business related, and some are more underground. My question to you is which conference is [...]
Because I maintain the information security events calendar, I often get asked about local information security events. If I were to add all the local events that I know about, it would fill the calendar with a ton of entries, many of them not applicable to the users. I might start another calendar only for [...]
Over the last week, here are some of the new security tools released. Microsoft Debugger 6.9.3.113 - 32bit and 64bit Microsoft Fiddler 2.1.6.1 - Web proxy tool for IE Hexer 1.2.0 - Hex Editor with python scripting ability Nmap 4.62 While there are other sites that track tools on a daily basis, these are tools [...]
May is a bit slower with only 7 different events going. Here is a list of information security events in May: EDUCAUSE Security 2008: May 4 - 6 ChicagoCon Training and Conference: May 12 - 17 LayerOne 2008: May 17 - 18 IEEE Symposium on Security and Privacy: May 18 - 21 Systematic Approaches to [...]
Yesterday WhiteHat Security had a luncheon at Le Meridien Hotel in San Francisco. Trey Ford presented on the Payment Card Industry (PCI) Data Security Standard section 6.6. And Jeremiah Grossman presented a solution to reduce vulnerability exposure time by virtual patching with F5 Big-IP equipment. I took video of both presentations, but YouTube no longer [...]
Another conference that I wasn't able to attend due to international travel was Black Hat Europe. The conference was last month, in wonderful Amsterdam. Presentations are now online at Black Hat. Some of the presentations that interested me: 0-Day Patch - Exposing Vendors (In)Security Performance Intercepting Mobile Phone/GSM Traffic Developments in Cisco IOS Forensics The [...]