Security Wire Weekly


December 9, 2010  4:22 PM

Winn Schwartau on securing mobile devices



Posted by: Jessica Scarpati
mobile device security, Security Wire Weekly, smartphone security

Security luminary Winn Schwartau talks about the threats posed by the growing use of smartphones in the workplace and the stuggle faced by IT professionals to properly secure them.

November 16, 2010  12:44 PM

How should enterprises respond to Firesheep?



Posted by: Jessica Scarpati
Internet Privacy, Security Squad, WiFi threats

The SearchSecurity editorial team talk about how enterprises should respond to the Firesheep Firefox plug-in and employee use of public WiFi points. Also, a discussion on Microsoft’s ISP NAC plan and Google extending its bug bounty program.

(Music credit: “Take Time for the Tub” by by Derek K. Miller)


November 3, 2010  2:08 PM

Malware writers and memory dumping



Posted by: Jessica Scarpati
malware, Security Wire Weekly

Jibran Ilyas, a computer forensics investigator and malware researcher and Nicholas J. Percoco, senior vice president of Trustwave’s SpiderLabs team talk about malware sophistication and memory dumping techniques.


November 2, 2010  1:48 PM

Assessing the mobile application security threat



Posted by: Jessica Scarpati
mobile security, Security Wire Weekly

Mike Zusman and Zach Lanier of New York-based security consultancy Intrepidus Group on the growing threat posed by poorly coded mobile applications.

Program links:
Mobile application flaws a repeat of past mistakes
Developers of mobile applications are repeating many of the same coding errors that desktop coders and Web application coders made years ago, according to two security experts.


November 1, 2010  1:30 PM

Payment industry finalizes PCI DSS 2.0



Posted by: Jessica Scarpati
PCI, Security Wire Weekly

Jeremy King, the European director of the PCI SSC discusses the PCI DSS 2.0 changes in more detail and where the industry is headed.

Program links:

PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.

PCI 2.0 guide: How have PCI compliance requirements changed?
In this PCI 2.0 learning guide, you will learn how the PCI compliance requirements have changed, if those changes have improved the standard and how the changes will affect your environment.


October 27, 2010  1:50 PM

PCI Tokenization Guidance



Posted by: Jessica Scarpati
PCI SSC, Tokenization

 

 

Gary Palgon, who leads the PCI SSC Tokenization Working Group, one of four working groups in the PCI SSC’s Scoping Special Interest Groups, talks about the road ahead for tokenization technologies.

 

 

 

 

 

  


October 22, 2010  3:13 PM

Coping with consumerization of IT



Posted by: Jessica Scarpati

This year’s Security 7 Award winners discuss strategies for dealing with the influx of consumer devices into the enterprise and ensuring sensitive data is protected.

The podcast participants include:

 Phil Agcaoili, chief information security officer, Cox Communications

Brian Engle, director of information security, Temple-Inland

Christopher Ipsen, chief infortmation security officer, State of Nevada

Nick Mankovich, senior director of product security and privacy, Philips Healthcare

Julie Myers, chief information security officer, University of Rochester 


October 21, 2010  2:27 PM

Compliance versus security



Posted by: Jessica Scarpati

This year’s Security 7 Award winners discuss the relationship between security and compliance and whether compliance helps improve security or detracts from it. 

The podcast participants include:

 Phil Agcaoili, chief information security officer, Cox Communications

Brian Engle, director of information security, Temple-Inland

Christopher Ipsen, chief infortmation security officer, State of Nevada

Nick Mankovich, senior director of product security and privacy, Philips Healthcare

Julie Myers, chief information security officer, University of Rochester 

 

 

 

 

 


October 21, 2010  12:50 PM

HD Moore on the Stuxnet Trojan



Posted by: Jessica Scarpati
Security Wire Weekly, Stuxnet

Metasploit creator HD Moore talks about the Stuxnet Trojan, the evolution of malware and his role at Rapid7.

Program links:

HD Moore, Rapid 7 release Metasploit Pro:
Metasploit Pro brings enhanced remote access and collaboration capabilities to the popular exploit framework.

Stuxnet Trojan attacks could serve as blueprint for malware writers:
The Stuxnet Trojan remains a threat to a small group of critical infrastructure facilities, but experts say future malware writers may attempt to copy its processes.

Following Stuxnet Trojan, NERC security chief calls for rugged software:
The Stuxnet malware has highlighted the need for software with fewer defects and is an “indictment on the IT business in general,” according to the security chief at NERC.


October 20, 2010  5:53 PM

Mythbusting PCI Compliance



Posted by: Jessica Scarpati
PCI, Security Squad

Joshua Corman, research director at The 451 Group joins the editorial team in a discussion on how PCI has affected the security industry and a recent Verizon survey of QSAs that indicates that organizations that had been breached were 50% less likely to be PCI compliant.

New Verizon report connects PCI non-compliance and data breaches (Oct. 05, 2010)
Results of the first Verizon Payment Card Industry Compliance Report indicate that organizations that had been breached were 50% less likely to be PCI compliant.

“Hug it out” Network Security Podcast:  This is the third of a three part series (Part 1Part 2) being sponsored by Tripwire called “PCI Hug It Out”.  In Part Three Gene Kim, Mike Dahn and Josh Corman explore the points of commonality between Mike and Josh and how they can turn them into calls to action from the community as a whole. The proceeds go to Hackers for Charity.

(Music credit: “Take Time for the Tub” by by Derek K. Miller)


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: