RSA Conference wrap: Taking security to the cloud [video]
Security-as-a-service was the big theme at this year
Bryan Richard submitted the following announcement: Open call for nominations: Whether you're a systems administrator locking down a datacenter, a software developer, or just really like to use the latest open devices, we want your feedback.
This question was recently debated by a panel at SOURCE Boston. Has the security researcher community given up all hope of full disclosure that it has resigned itself to debating partial disclosure? And is partial disclosure the new responsible disclosure? Those are heady and polarizing questions; so much so that two hours of spirited sparring Thursday during a panel discussion at SOURCE Boston brought us no closer to answers. Personally, I think partial disclosure is perfectly fine; it's much more effective to control a fire if there are already extinguishers on the premises. As long as vendors can be trusted, it is in everybody's best interest to give them advance notification, so they can have patches ready on disclosure day. However, most of this discussion is just academic.
At LinuxWorld today, SPI Dynamics' senior security engineer, Matt Fisher, talked about the vulnerabilities of Web 2.0. One thing that I found interesting about this article was when it talks about how users of social-networking sites can submit HTML code. We all know this is definitely a security risk that no one should allow to happen. How can these types of sites safely check the HTML code submitted by users? Are they protecting their users enough?
This article is presented in defense of the NBC Dateline reporter and offers a different view of the matter at the recent DefCon. Ryan Naraine brings up valid points on why the actions of those in attendance at the conference could be considered 'childish', 'over-the-top' and 'unnecessary'. He points out that what the reporter, Madigan, did, specifically breaking the rules, is what the DefCon subculture is built upon. Read the actual article for a full alternative perspective. How do you feel about the actions taken against the NBC Dateline reporter?
First things first - I'm extremely biased in favor of this type of article because I identify with the creative hacker. The media-slanted definition of 'hacker' does the title no justice for the innovative, out-of-the-box, dedicated minds of the world which make word processing programs or the 'Internets' easy for even the media to use. This article covers the general feel of both the Black Hat and DefCon conferences with a nod towards the NBC Dateline incident.
Now that DefCon is upon all of us in an age where laptops flow free like wine, one still has to wonder - why would anyone jump on the "free public WiFi" offered at the event? It doesn't take a mastermind to sum up that 1. I'm at a hacker's conference, 2. I'm at a hacker's conference just teeming with BlackHats and 3. oh look, what's this "Wall of Sheep" I'm looking at? And why is my name on it??? Anyone wishing to attend the conference might want to take a quick review of this article just to make sure you won't be walking in with a huge bullseye over your forehead. If you do go, be sure to come back here and let us know of the best (and worst!) of DefCon by posting here!
One of the only questions I could ask myself while reading this article is - why hasn't this been done before? Okay, maybe it has, but in the day and age we live in, we live in the moment, so here it is - the Pwnie Awards, which will celebrate the most lethal bugs researched over the year. Categories range from such bugs as best 'client-side bug' and 'server-side bug' to a sure-to-be-popular 'worst vendor' award. Personally, I think this is something everyone needs - it's nice to see a change of pace with a little humor thrown in there. Stay updated on this event and have some fun with the best (and worst) the Pwnies have to offer!
The annual RSA Conference this week is expected to show evidence of a maturing security industry with an increasing role for big-name companies. The event has long moved far beyond its origins as a get-together for cryptogeeks. It has developed into an annual gathering for corporate IT pros and a showcase for hundreds of companies, small and large, that hawk security products and services to businesses. This year is the 16th anniversary of the event. Again change is in the air.
SCALE 5X, the 2007 Southern California Linux Expo, has opened for attendee registration. Early bird registration runs through January 24th. Join us for over 40 seminars and tutorials. Presentations from Chris Dibona, Ted Haeger, Don Marti, and more! Expo floor will include exhibits by IBM, Dell, Google, Krugle, Ingres, Trolltech, and others. SCALE 5X will be held in Los Angeles, CA on Feb 10-11, 2007.
We're a group of hackers, nerds, social outcasts, pirates, outlaws, and geeks (not limited to those groups though) that all share a few common bonds: our love for technology, freedom, information, and most importantly, having fun. We meet on the first Saturday of every month at a location normally picked two weeks before the next meeting. Our meeting times are posted on the forums as well as on the side of this page.
HOPE Number Six was this summer's hacker conference sponsored by 2600 Magazine. Presenters and artists from all nationalities and disciplines participated in this forum. HOPE Number Six covered all aspects of hacking, the community surrounding it, and its effects across the world. For three days, The Hotel Pennsylvania was the nexus of discussion, planning, and activity for hacker ideas, opportunities, and understanding.
Even with the renewed scrutiny being given to government IT systems in light of the recent laptop theft at the Department of Veterans Affairs, officials working with the Environmental Protection Agency say the organization has significantly improved its security operations.
Open Source Development Labs (OSDL) is planning to host the first-ever Healthcare Day at LinuxWorld San Francisco on August 15, the Beaverton, Ore.-based firm announced this week.
The National Institute of Standards and Technology has revoked certification of the open-source encryption tool OpenSSL under the Federal Information Processing Standard. OpenSSL in January became one of the first open-source software products to be validated under NIST
A new set of guidelines may pave the way for dozens of Internet service providers in the U.K. to participate in a research project into the problem of spam, estimated to make up 60% or more of the world's e-mail traffic.
The bad blood between Cisco Systems Inc. and organizers of the Black Hat conference appears to be a thing of the past. One year after suing the hacker conference for allowing security researcher Michael Lynn to disclose a security vulnerability, Cisco is returning to Black Hat -- this time as one of the show's top sponsors. Black Hat USA will be July 29 to Aug. 3 in Las Vegas.
It has all the makings of a B-movie plot: A corporate network targeted by hackers and a half dozen high-school students as the company's only defense. Yet, teams of students from ten different Iowa high schools faced exactly that scenario during a single night in late May in the High School Cyber Defense Competition. The contest tasked the teenagers with building a network in the three weeks leading up to the competition with only their teachers, and mentoring volunteers from local technology firms, as their guides.