Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly critical. Apache SpamAssassin is an anti-spam framework we stand behind and have been using in Guardian Dig...
Trends including the increase in web data and the number of people accessing the internet will have implications for information security in the future, says a report by PricewaterhouseCoopers (PwC), commissioned by government body the Technology Strategy Board.
Each spring, the MIS Training Institute hosts InfoSec World, an educational event that brings information security practitioners together to learn from each other. This year, volcanic fallout prevented a few participants from making the trek. But those who attended were treated to detail-rich sessions about today's biggest security threats.
Companies crave experience in their security staffers, dimming prospects for entry-level applicants. Bill Brenner on how a young upstart can break through. If you're young, breaking into the security industry can be hell.
Late last month, another kind of games was held in Vancouver: the Pwn2Own contest, where computer-security researchers were invited to hack computers using unknown, or
Owners of Apple products have a tendency to be complacent about security, but the results of this year's Pwn2Own contest suggest a little more wariness may be in order. "It's the fourth year they've run the contest, and every year someone's broken into Safari," noted Charlie Miller, the security analyst who won $10,000 and a MacBook Pro for hacking the browser in this year's event.
Hackers took down Apple's iPhone and Safari browser, Microsoft's Internet Explorer 8 (IE8) and Mozilla's Firefox within minutes at today's Pwn2Own contest, as expected.
The two-man team of Vincenzo Iozzo and Ralf-Philipp Weinmann exploited the iPhone in under five minutes, said a spokeswoman for 3Com TippingPoint, the security company that sponsored the contest. The pair also walked away with $15,000 in cash, a record prize for the challenge, which is in its fourth year.
Privacy is not dead in the era of online social networking. It just needs careful curation.
That was the message Saturday from Danah Boyd, a social-media expert who works for Microsoft Research and who was Saturday's keynote speaker at the South by Southwest Interactive (SXSWi) festival here.
Speaking at the RSA Conference in San Francisco on Wednesday, Secretary of the Department of Homeland Security (DHS) Janet Napolitano announced the National Cybersecurity Awareness Campaign Challenge Competition, a contest to solicit ideas from individuals and industry about how to best engage the American public in a discussion about cybersecurity.
Pwn2Own is a famous contest held at the CanSecWest conference. Every year there is a big reward for researchers who find exploitable bugs in popular browsers and operating systems, and also in mobile devices like the iPhone. For the past two years the Pwn2Own contest champion was Charlie Miller (0xcharlie on Twitter), one of the most famous bug hunters and security experts in the world.
As RSA Conference 2010 opens this week in San Francisco, vendors are using this major security show to launch products ranging from hardware to software to virtual appliances in an effort to address specific network security needs. Here are some of those offerings.
The Cloud Security Alliance and Hewlett-Packard will release research today at RSA Conference that identifies the top threats to cloud computing. The document is a companion to the CSA's "Security Guidance for Critical Areas in Cloud Computing," which was updated in December.
The first time I attended the RSA Conference in 2005, I was overwhelmed.
The show floor is massive and once you go in it can be hard to find the right door out. Vendor salespeople swamp you. The Tuesday-morning keynotes can be an assault on the eyes, with speakers standing in front of massive uber-resolution screens.
The Internet Research Task Force's (IRTF) Anti-Spam Research Group (ASRG) has produced a summary of how DNS blacklists and whitelists (DNSBLs and DNSWLs, designated in the RFC as DNSxLs) should be used and of the security issues which need to be considered when doing so. The summary is in the form of a 'Request for Comments' (RFC 5782).
A hacking contest next month will award cash prizes of $15,000 to anyone who can break into an iPhone, BlackBerry Bold, Droid or Nokia smartphone. The prizes are 50% more than the top awards given last year at Pwn2Own, which will kick off March 24 at the CanSecWest security conference in Vancouver, British Columbia. Altogether, $100,000 could be handed out by 3Com TippingPoint, the contest sponsor.
Open Source Days is the largest open source conference in the Nordic area. It's your opportunity to meet, share, and learn from professional open source experts.
Many CSOs view ShmooCon as an event of small importance. You don't see the suits and ties that are on display at RSA. In fact, to those who haven't attended, this conference is just a place where twenty-something hackers come to get drunk and throw TVs out hotel windows. Another crazy Black Hat/Defcon-caliber conference, more than one high-level security exec has told me in the past.
A technique used in Web application development platforms that provides a constant look-and-feel across multiple Web pages can potentially expose sensitive user data, such as credit-card numbers, according to researchers, who at next week's Black Hat DC will demonstrate a new class of vulnerabilities in Apache MyFaces, Sun Mojarra, and Microsoft ASP.NET. They will also release a tool that tests for the flaws.
As you may have noticed, posting to this blog was light last week, as in non-existent (OK, so you didn't notice.) This was because I was engaged in some serious geeking-out at the LCA2010 conference.
One of the talks that I saw came from Jon Corbet, who gave a run-down on recent changes to the Linux kernel. A statistic that he mentioned along the way has garnered much comment: the fact that "75% of the code comes from people paid to do it.
Very rarely do movies put a real computer application to do a real thing; even more rarely do they actually use it correctly. But Nmap, here, seems to be the hot favourite; be it CIA or NSA or a hot good-guy