|
ShmooCon 2010 Shmoo Photos
Infosec Events
The ShmooCon 2010 East coast hacker convention ran from Friday,
February 5 to February 7, 2010. Here are some of the fantastic
photos and images from the ShmooCon 2010 information security
event.
Visual Studio 2010 and .NET Framework 4 Release Candidate
Sam Gentile
is live at http://msdn.microsoft.com/en-us/vstudio/dd582936.aspx for
MSSDN subscribers and public tomorrow. More in an upcoming
New and Notable.
Getting Specific About Compliance
Speaking of Security, the RSA Blog and Podcast
“Compliance” is one of those words that is used to
mean different things in different contexts. I see it crop up
just about everywhere online, at tradeshows...
Making Progress Matters Most
TaoSecurity
 I found this article by
John M. Kamensky t
More information security experts needed, says CyberSecurity Malaysia
National Cyber Security - Blogs
KUALA LUMPUR, Feb 9 (Bernama) --
Although Internet banking cybercrimes are still at a
manageable level, the country still needs to produce more
information security experts, according to CyberSecur
McAfee Labs Q4 Threat Report
McAfee Avert Labs
Today we unveiled our Q4 Threats Report, which highlights the
most significant spam-generating stories in 2009 as well as the
rise of political hacktivism in countries like Poland, Latvia,
Denmark and Switzerland. The report’s findings also
reveal t
Outguessing the Terrorists
Schneier on Security
Isn't it a bit embarrassing for an "expert on
counter-terrorism" to be quoted as saying
this?
Bill Tupman, an expert on counter-terrorism from Exeter
University,
BlackHat DC 2010 Mac OS X Physical Memory Analysis
Volatility
BlackHat DC 2010 Mac OS X Physical Memory Analysis:
In case you may have missed it, Matthieu Suiche gave an
interesting presentation about performing M
Black Hawk Down
F-Secure Antivirus Research Weblog
Kudos to the Chinese authorities for shutting down an online
hacker training operation known as the Black Hawk Safety Net.
The Black Hawk operation, which provides Trojan software and
lessons in cyberattack techniques, comprises 12,000 paid
subscribers an
MFT Analysis
Windows Incident Response
As an aside to timeline analysis, I've been considering the
relative confidence levels inherent to certain data sources,
something I had
discussed with Cory. One
U.S. MSDN Premium Subscribers: Test and Develop at No Cost on Windows Azure
MSDN: Security
As an MSDN Premium Subscriber, you can leverage your MSDN
subscription to obtain over 700 hours of compute time on
Windows Azure to test and develop your latest cloud
applications. U.S. developers can also benefit from no-cost
phone and e-mail technical s
Learn from the Best in Web Design and Development at MIX10
MSDN: Security
MIX10 favorites Scott Guthrie and Bill Buxton have been
announced as keynote speakers. Come hear these experts and
others speak on UX, design, Windows phone, and much more.
Register by February 21st to take advantage of the US$200
discount on your pass.
More Than Changing Frequencies
The Day Before Zero
Nothing ever stands still on the Internet. Like life on the African Savannah, the old and the sick are easy prey to those who are faster and more agile. Old and vulnerable software, along with aging infrastructure, quickly fall prey to swift and orchestra
Common Sense
Roger's Information Security Blog
Does anyone really think that sneezing into your arm is common sense? I suspect that if you do you must have small kids and have been trained by some sort of Elmo video. I dont recall any mass agreement on sending snot flying into my shirt sleeve as
Sweden Probing Cisco, NASA Hacks
Wired: Threat Level
Swedish investigators are probing a hacker U.S. authorities accuse of unlawfully intruding into Cisco Systems, NASA’s Ames Research Center and NASA’s Advanced Supercomputing Division, the authorities said Monday.
Philip Gabriel Pettersson, kno
A Genetic Determinant of Biological Aging in Humans?
Technology Review Feed - TR Editors' Blog
Researchers have found a genetic variant linked to the length of telomeres.
Some people may be genetically programmed to age at a faster
rate, according to new research. Scientists have identified a genetic variant linked
to the length of telom
Links for 2010-02-08
taint.org: Justin Mason's Weblog
Comerica Phish Foiled 2-Factor Protection
Krebs on Security
A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than $560,000 last year.
Larry Suto Web Application Security Scanner Comparison Report Inaccurate Vendors Say
CGISecurity.com: Your Web Site and Application Security Resource
Larry Suto published a report comparing the various commercial web application security scanners. As you'd expect the vendors are likely to respond about how inaccurate the report is, however in this case both HP and Acunetix argued valid points. From Acu
Tax evasion and welfare fraud
ADD / XOR / ROL
Hey all,
now that all the technical stuff is going to the zynamics company blog , I will have some room here for writing about other topics. Beware: Politics might be involved, or just general rants.
Jurors: Stop Twittering
Wired: Threat Level
A federal court policy making body is belatedly entering the internet age by proposing that judges clearly inform jurors they must not electronically discuss cases they are hearing.
It’s standard procedure to inform jurors to remain mum and not cond
Mobilizing the Public on Cybersecurity
National Cyber Security - Blogs
The release
last week of the Department of Homeland Security’s first ever
Quadrennial Homeland Sec
US-China tensions continue over Google
National Cyber Security - Blogs
The US-China tensions have continued over Google’s criticism of
alleged Chinese hacking and censorship. The Obama administration has
used the issue as part of its intensifying pressure on Beijing since
the beginning of the year, i
Cyberspace Threats Could Affect National Security
National Cyber Security - Blogs
According to the White House’s top counter-terrorism advisor on
Sunday, the United States faces “serious and significant” cyberspace
threats which may affect national security.
3/4: Carlos Kelly McClatchy Memorial Symposium on Journalism and Diversity
You Know What's Stupid? Everything I Don't Understand
None
Dave Marcus is ready for his Oscar
McAfee Avert Labs
As a rule, we dont do product plugs on this blog for obvious reasons. This is the place for research and data on threat and response. But were going to make an exception to bring you a video from Dave Marcus, the guy who keeps the McAfee Labs blog running
New member of the OSSEC team
OSSEC Blog
I am happy to announce the arrival of the newest member of the OSSEC team. Priscila Cid joined our team yesterday and even though she is only 50 cm tall, she is already very active and doing very well.
The Limits of Visual Inspection
Schneier on Security
Interesting research:
Target prevalence powerfully influences visual search behavior. In most visual search experiments, targets appear on at least 50% of
Week 5 in Review
Infosec Events
Events Related:
A Conference By Any Other Name… – windowsir.blogspot.com
A few comments on DoD CyberCrime 2010 and Black Hat DC
Resources:
Get FREE copies of Hakin9 Magazines — PDF Download – professionalsecuritytesters.org
All
Watch out for flower-show.org
F-Secure Antivirus Research Weblog
We saw a pretty PDF file today (md5: 116d92f036f68d325068f3c7bbf1d535).
It looks like this:
Nice flowers.
Un
Timeline Analysis...do we need a standard?
Windows Incident Response
Perhaps more appropriately, does anyone want a standard, specifically when it comes to the output format?
Almost a year ago, I came up with a ShmooCon 2010 Day Three
Infosec Events
ShmooCon 2010 East Coast Hacker Convention - Three days of demonstrations on technology exploitation, software and hardware solutions, and discussions of critical information security issues; information disclosure, authentication, vulnerabilities, tools,
Security breaches of state computer systems in recent years
National Cyber Security - Blogs
Timeline
2010 — The Iowa Racing and Gaming Commission’s server containing
more than 80,000 records, including casino employee information, is
compromised.
2008 — Officials
More Details on the Chinese Attack Against Google
Schneier on Security
Three weeks ago, Google announced a sophisticated attack against them from China. There have been some inter
Phishing Pages Pose as Secure Login Pages
TrendLabs | Malware Blog - by Trend Micro
TrendLabs recently spotted a new phishing site spoofing CenturyLinks secure login page from one of its anti-phishing resources.
CenturyLink, created by the merger of CenturyTel and Embarq on July 1, 2009, is a leading provider of high-quality voic
worldrofwarcraft.com
F-Secure Antivirus Research Weblog
The World of Warcraft online game has over 10 million players around the world.
World of Warcraft also has hundreds of phishing websi
FakeAV Uses False Microsoft Security Updates
SophosLabs blog
Today atSophosLabs we encounteredanotherinteresting rogue security software (Fake AV) variant, Troj/FakeAv-AUF. When run Troj/FakeAv-AUFposes as the Windows Automatic Updatefacilityand purports to install an update named XP Internet Security.
This is, as
Please Let Me Explain
BlogInfoSec.com
Whenever you speak to a reporter, you are always at risk that what will be published isnt quite what you meant or that the context of your statement within the article will distort your meaning. Knowing this, you usually have to choose between the importa
Caisse dEpargne Customers, Beware!
TrendLabs | Malware Blog - by Trend Micro
It seems that cybercriminals will really stop at nothing to further their malicious activities. Trend Micro fraud analysts received yet another spammed message obviously designed to catch unwitting Caisse dEpargne, a French semicooperative bank, customers
Gmail Phish
F-Secure Antivirus Research Weblog
Just a quick note to readers to be aware of e-mails purportedly from Gmail administrators. One of our Fellows recently received a message from "The Google Mail Team" asking users to verify their account details to combat "anonymous registration of account
CyberSpeak February 7, 2010
CyberSpeak's Podcast
Listener Email
- Aaron sends us to tell about using Stitcher feed
- Paul writes to ask how someone without forensics background should go about starting out. Ovie and Bret give some pointers.
- Ovie is starting a An Intelligent Software Assistant Debuts
Technology Review Feed - TR Editors' Blog
Siri
Last year, we selected the "intelligent software assistant" Siri<
|
