Security Wire Weekly


April 15, 2010  6:25 PM

Operation Aurora: Tips for thwarting zero-day attacks, unknown malware

Jessica Scarpati

Threat Monitor: In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks.

April 15, 2010  3:14 PM

OWASP Top 10 List revised

Robert Westervelt

Jeff Williams, a co-author of the OWASP Top 10 List, explains some of the changes incorporated into the latest version. The list was updated for the first time in 3 years.

2010 Top 10 List:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards


April 8, 2010  7:28 PM

Cloud computing risks, challenges

Jessica Scarpati

K. Scott Morrison, CTO and chief architect at Layer 7 Technologies, talks about some of the issues hindering adoption of cloud computing. Also, Wade Baker of Verizon on that firm's new security incident framework.


March 25, 2010  5:28 PM

Pwn2Own hacker contest – DOE CISO on encryption

Jessica Scarpati

A brief look at the Pwn2Own hacker contest at the CanSecWest Applied Security Conference in Vancouver, BC. Also Department of Education CISO Phil Loranger on encryption.


March 18, 2010  7:30 PM

Web application attacks security guide: Preventing attacks and flaws

Jessica Scarpati

Threat Monitor: From buffer overflows to SQL injection, hackers have many techniques at their disposal to attack Web applications, and new methods constantly emerge. This week’s podcast edition of Threat Monitor highlights one of the tips from this special Web application attack security guide, entitled: Prevent cross-site scripting hacks with tools, testing.


March 16, 2010  12:13 PM

Squad: RSA Conference 2010 in review

Jessica Scarpati

The editorial team recalls the themes and discussions that dominated the 2010 RSA Conference. Federal cybersecurity issues ruled with the debut of White House cybersecurity coordinator Howard Schmidt. Microsoft’s Scott Charney explained the legal action the software giant took to disrupt the Waledac botnet. Also, attendees showed interest in social networking security. In addition, the convergence of cloud computing and identity management was showcased.

Program links:
Check out the RSA Conference 2010 news coverage.
Social networking risks, benefits for enterprises weighed by RSA panel
White House declassifies CNCI summary, lifts veil on security initiatives


March 11, 2010  3:12 PM

Kaminsky on DNSSEC progress

Jessica Scarpati

Dan Kaminsky of IOActive explains the benefits of DNSSEC and why products and services that use the technology could take off in the next few years. Scott Rose of NIST describes the lessons learned from the deployment across the .gov domain at federal government agencies.

Program links:

Experts see DNSSEC deployments gaining traction
Increased authentication at the DNS layer will block DNS cache poisoning and create new services, experts say. The root zone should be signed and verified by July.

DNSSEC: Has the Time Come?
DNSSEC brings PKI to the Domain Name System and prevents dangerous cache poisoning attacks.

VIDEO – VeriSign on DNSSEC support
Joe Waldron, a product manager in VeriSign’s Naming (DNS) Group, said engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC).


March 8, 2010  2:58 PM

Clientless SSL VPN vulnerability and Web browser protection

Jessica Scarpati

Threat Monitor: In a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection.


March 4, 2010  5:51 PM

RSA 2010: Microsoft’s Scott Charney

Jessica Scarpati

Scott Charney, Microsoft’s vice president for Trustworthy Computing, discusses the software giant’s latest legal action to take down the Waledac botnet.


February 25, 2010  1:49 PM

RSA Preview: Former ChoicePoint CISO Rich Baich

Jessica Scarpati

Rich Baich, who heads Cyber Threat Intelligence Group at Deloitte, shares his thoughts on the 2010 RSA Conference and the current threat landscape.

