The ultimate security conference media archive has a new home at good.net. Once hosted at EasyNews.com, the massive security conference media archive was consuming too much disk space, outgrowing the very generous host. The archive contains several years of audio and video from security conferences like BlackHat, DEFCON, DeepSec, Hack In The Box, HOPE, ShmooCon, [...]
For those that love web application security data, WASC has just released their Web Application Security Statistics Report for 2007. Statistics were compiled from several companies, including Booz Allen Hamilton, BT, Cenzic, dblogic.it, HP, Positive Technologies, Veracode, and WhiteHat Security. In total, over 32,000 sites were analyzed, with roughly 70,000 vulnerabilities of different degrees of [...]
The ISIS Lab of NYU-Poly is having their annual Cyber Security Awareness Week (CSAW) where students can compete and win prizes in a variety of information security challenges. There are seven information security competitions: Security Quiz, Application Security CTF, Forensics Challenge, Essay Contest, Awareness Poster Design Competition, Embedded System Challenge, and Research Post Competition. All [...]
Here is a list of events going on this month in the information security space. IT Security World: September 13-19 VizSEC 2008: September 15 RAID 2008: September 15-17 Interop New York 2008: September 15-19 OWASP AppSec 2008: September 22-25 ToorCon X: September 24-28
VMware has just released new versions of their VMware ACE, VMware Player, VMware Server, and VMware Workstation products to fix several security issues. The updates to VMware ACE, Player, Server, and Workstation are: Setting ActiveX killbit Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that ActiveX [...]
Last week the Office of Management and Budget released memoranda M-08-23, titled Securing the Federal Government’s Domain Name System Infrastructure. The document states that all US government top level .gov domains will use DNSSEC starting in January 2009. This is in response to the DNS cache poisoning attack that Dan Kaminsky made public a few [...]
WhiteHat Security released their 5th website security statistics report yesterday. They also held a webinar to go over the results, and the website security statistics slides are also available on slideshare. Total Websites: 687 Identified vulnerabilities: 11,234 Unresolved vulnerabilities: 3,541 (66% resolved) Websites HAVING HAD at least one serious issue: 82% Websites CURRENTLY WITH at [...]
Rob Fuller yesterday did an excellent guest post on the Zero Day ZDNet blog on the tools released at DEFCON 16. Here is the list of DEFCON 16 tools: Beholder: An open source wireless IDS program by Nelson Murilo and Luis Eduardo The Middler: The end-all be-all of MITM tools by Jay Beale ClientIPS: An [...]
Some videos from The Last Hope are now online via bittorrent. I hope more videos will come online soon, as many of the presentations sounded interesting. At the least, The Last Hope audio is all online at the offical The Last Hope site. Here is the list of videos currently being distributed: A Hacker's View [...]
Because the presenters have to submit their slides before the conference (so they can make the presentation discs), often the slides are outdated by the time the conference comes around. Thankfully a few presenters are posting their updated slides online, and here is a list of those that did. NTLM is Dead by Kurt Grutzmacher [...]