Dave Forstrom, director of Microsoft’s Trustworthy Computing, on Microsoft’s “responsible disclosure” announcement, bug buyback programs and several Black Hat 2010 announcements. Also, Brad Arkin, senior director of product security and privacy, on its decision to partner with Microsoft with its Active Protections Program, to give vulnerability data to security vendors prior to pushing out a patch.
Kevin Mahaffey and John Hering of mobile security vendor Lookout explain their latest project, the App Genome Project, a study of 300,000 smartphone applications. The study findings are being released this week at Black Hat 2010. The two researchers said mobile applications pose a major threat and predict they will be the next big attack vector for cybercriminals.
SearchSecurity.com Editors Michael Mimoso and Robert Westervelt discuss this week’s Black Hat conference. Also, Caleb Sima of Armorize Technologies on a sensitive Black Hat talk that has been canceled.
The SearchSecurity editorial team discusses the general enthusiasm for cloud computing expressed by security pros at the recent Gartner Security and Risk Management Summit. Also, the team talks about Twitter’s recent settlement with the FCC over its lax security policies and procedures.
Some say the KHOBE attack technique is a serious threat looming over enterprises, while others believe it’s been greatly over-hyped. Who’s right? Nick Lewis offers his analysis.
Jake Kouns of the Open Security Foundation talks about his latest project, Cloutage.org, which aims to track many of the outages, flaws and other issues that plague cloud services.
Felix “FX” Lindner, lead security researcher at Germany-based Recurity Labs, talks about a new Mozilla Firefox tool he developed that cleans SWF files, making it difficult for attackers to target Flash vulnerabilities. Lindner plans to unveil the tool at Black Hat 2010 in Las Vegas. In this interview, he also talks about the difficulty of conducting security research under Germany’s strict cybersecurity laws and his previous research on bar code scanner software vulnerabilities.
In this edition of “Patrolling the Channel,” Victor Villegas of Computer Media Technologies Inc. lays out the game plan that partners need when a vendor makes a big move.
Encryption expert Robert Griffin, technical director at RSA, the security division of EMC Corp., explains why RSA is pushing card-based tokens over format-preserving encryption in the payment process.
Dealing with an advanced persistent threat (APT) presents unique challenges. Learn how an incident response program can save your enterprise from APT.