Security Wire Weekly


April 15, 2010  6:25 PM

Operation Aurora: Tips for thwarting zero-day attacks, unknown malware



Posted by: Jessica Scarpati
Threat Monitor

Threat MonitorIn December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to similar attacks.

April 15, 2010  3:14 PM

OWASP Top 10 List revised



Posted by: Robert Westervelt
Security Wire Weekly, web application security

Jeff Williams, a co-author of the OWASP Top 10 List, explains some of the changes incorporated into the latest version. The list was updated for the first time in 3 years.

2010 Top 10 List:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards


April 8, 2010  7:28 PM

Cloud computing risks, challenges



Posted by: Jessica Scarpati
cloud computing, Security Wire Weekly

K. Scott Morrison, CTO and chief architect at Layer 7 Technologies talks about some of issues hindering adoption of cloud computing. Also, Wade Baker of Verizon on that firms new security incident framework.


March 25, 2010  5:28 PM

Pwn2Own hacker contest – DOE CISO on encryption



Posted by: Jessica Scarpati
encryption, hacking, Security Wire Weekly

A brief look at the Pwn2Own hacker contest at the CanSecWest Applied Security Conference in Vancouver, BC. Also Department of Education CISO Phil Loranger on encryption.


March 18, 2010  7:30 PM

Web application attacks security guide: Preventing attacks and flaws



Posted by: Jessica Scarpati
Cross-site scripting, Threat Monitor

Threat MonitorFrom buffer overflows to SQL injection, hackers have many techniques at their disposal to attack Web applications, and new methods constantly emerge. This week’s podcast edition of Threat Monitor highlights one of the tips from this special Web application attack security guide, entitled: Prevent cross-site scripting hacks with tools, testing.


March 16, 2010  12:13 PM

Squad: RSA Conference 2010 in review



Posted by: Jessica Scarpati
2010 RSA Conference, Security Squad

The editorial team recalls the themes and discussions that dominated the 2010 RSA Conference. Federal cybersecurity issues ruled with the debut of White House cybersecurity coordinator Howard Schmidt. Microsoft’s Scott Charney explained the legal action the software giant took to disrupt the Waledac botnet. Also, attendees showed interest in social networking security. In addition, the convergence of cloud computing and identity management was showcased.

Program links:
Check out the RSA Conference 2010 news coverage.
Social networking risks, benefits for enterprises weighed by RSA panel
White House declassifies CNCI summary, lifts veil on security initiatives


March 11, 2010  3:12 PM

Kaminsky on DNSSEC progress



Posted by: Jessica Scarpati
DNSSEC

Dan Kaminsky of IO Active explains the benefits of DNSSEC and why products and services that use the technology could take off in the next few years. Scott Rose of NIST describes the lessons learned from the deployment across the .gov domain at federal government agencies.

Program links:

Experts see DNSSEC deployments gaining traction
Increased authentication at the DNS layer will block DNS cache poisoning and create new services, experts say. The root zone should be signed and verified by July.

DNSSEC: Has the Time Come? DNSSEC brings PKI to the Domain Name System and prevents dangerous cache poisoning attacks.

VIDEOVeriSign on DNSSEC support Joe Waldron, a product manager in VeriSign’s Naming (DNS) Group, said engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC).


March 8, 2010  2:58 PM

Clientless SSL VPN vulnerability and Web browser protection



Posted by: Jessica Scarpati
Threat Monitor, VPN Security

Threat MonitorIn a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection.


March 4, 2010  5:51 PM

RSA 2010: Microsoft’s Scott Charney



Posted by: Jessica Scarpati
botnets, Security Wire Weekly

Scott Charney, Microsoft’s vice president for Trustworthy Computing discusses the software giant’s latest legal action to take down the Waledac botnet.


February 25, 2010  1:49 PM

RSA Preview: Former ChoicePoint CISO Rich Baich



Posted by: Jessica Scarpati
2010 RSA Conference, Security Wire Weekly

Rich Baich, who heads Cyber Threat Intelligence Group at Deloitte, shares his thoughts on the 2010 RSA Conference and the current threat landscape.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: