Security Wire Weekly:

July, 2008

Jul 31 2008   3:08PM GMT

The state of software security



Posted by: SearchSecurity.com Staff
The Nameless Security Podcast

Gary McGraw, CTO of Cigital, is the first guest on SearchSecurity.com’s newest podcast series, The Nameless Security Podcast with Dennis Fisher. McGraw discusses the state of software security, the increasing influence of outside disciplines on the security industry and how his own background in music and philosophy has influenced his work in security. Special thanks to Gary’s band, Where’s Aubrey? for the great intro music.

 
The Nameless Security Podcast [26:30m]

Jul 30 2008   2:39PM GMT

SWW: Infiltrating phishers



Posted by: SearchSecurity.com Staff
Security Wire Weekly

Security researchers Billy Rios and Nitesh Dhanjani explain how they infiltrated the phishing underground in a preview of their upcoming Black Hat presentation: “Bad Sushi: Beating Phishers at Their Own Game.”

 
Security Wire Weekly: Infiltrating Phishers [32:20m]


Jul 28 2008   4:51PM GMT

Lessons Learned: Four Years of Data Breaches



Posted by: SearchSecurity.com Staff
Security Newsmakers

Is your data safe? Do you know who you can trust? Do you know where the next attack is likely to come from? Think again. Verizon Business went through more than 500 data breach investigations over four years to determine trends in attack vectors and where victim organizations fell down. The findings of its “2008 Data Breach Investigations Report” may surprise you. In the July Newsmakers Podcast, SearchSecurity.com’s Neil Roiter asks Verizon’s Bryan Sartin, managing principal, investigative response, what lessons we can take from this unique report.

 


Jul 23 2008   2:13PM GMT

SWW: Virtualization Security Apocalypse



Posted by: SearchSecurity.com Staff
Security Wire Weekly

Christofer Hoff, chief security architect at Unisys, previews his upcoming Black Hat briefing “The four horsemen of the virtualization security apocalypse.” Hoff says virtualization security could prove to be very costly for companies as they try to sort out the new governance, oversight and manageability issues being introduced by the technology.

 


Jul 16 2008   2:23PM GMT

Threat Monitor: Ransomware — How to deal with advanced encryption algorithms



Posted by: SearchSecurity.com Staff
Threat Monitor

It’s late in the day, and your CEO reports a strange message on his computer screen: his files have been encrypted, and a payment is required to return all of his data. What do you do? Don’t give in to the cyberterrorists just yet. Mike Chapple explains five ways that you can fight ransomware and recover your files.

 
Threat Monitor [7:56m]


Jul 16 2008   1:55PM GMT

Security Wire Weekly - Dan Kaminsky on the DNS Server flaw



Posted by: SearchSecurity.com Staff
Security Wire Weekly

Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, explains his discovery of a DNS Server flaw that led to a coordinated vendor patch. Also joining is Rich Mogull, founder of independent information security consulting firm Securosis, who discusses flaw disclosure in the wake of the discovery.

 


Jul 9 2008   1:44PM GMT

Security Wire Weekly: iPhone Mania and Enterprise Security



Posted by: SearchSecurity.com Staff
Security Wire Weekly

Tom Cross, mobile security expert with IBM’s X-Force security research team, discusses smartphone security on the heels of Apple’s release of iPhone 3G. As more end users bring their smartphones into the workplace, companies need sound mobile security policies and technologies in place for data protection. Cross gives some tips for controlling smartphone use in the enterprise.

 
Security Wire Weekly: iPhone Mania and Enterprise Security [16:25m]


Jul 3 2008   8:50AM GMT

Threat Monitor: Hidden endpoints — Mitigating the threat of non-traditional network devices



Posted by: SearchSecurity.com Staff
Threat Monitor

Organizations have many safeguards in place for network-enabled devices like PCs and servers, but few realize the threat posed by non-traditional devices like printers, physical access devices and even vending machines. Endpoint security expert Mark Kadrich offers up some worst-case scenarios and explains how these and other endpoints can be protected.

 
Threat Monitor [05:50m]


Jul 2 2008   2:03PM GMT

Security Wire Weekly: SQL Injection Protection



Posted by: SearchSecurity.com Staff
Security Wire Weekly

Scott Matsumoto, a principal consultant and secure coding expert with Cigital Inc., talks about SQL injection attacks. Matsumoto explains the tools available to software developers, QAs and security pros in the development team to provide better code and protect against SQL injection.

 
Security Wire Weekly [18:27m]