Computer scientists working for the U.S. Department of Energy announced this week that they have been able to create a simulated botnet consisting of more than one million machines.
While the black hat community over in Las Vegas are learning about the bad things that can be done, I am sitting at my relatively safe desk in Hammersmith not at all envious of the events in Nevada..
While the black hat community over in Las Vegas are learning about the bad things that can be done, I am sitting at my relatively safe desk in Hammersmith not at all envious of the events in Nevada..
More fearmongering. The headline is “Terrorists could use internet to launch nuclear attack: report.” The subhead: “The risk of cyber-terrorism escalating to a nuclear strike is growing daily, according to a study.” In the article: The claims come in a study commissioned by the International Commission on Nuclear Non-proliferation and Disarmament (ICNND), which suggests that under the right circumstances, terrorists…
 The Tech Herald |
McAfee gobbles up MX Logic for cloud security push
Register The deal – announced Thursday – is designed to bolster McAfee's existing 'security as a service' portfolio. MX Logic's filtering, email archiving and … McAfee shoots for the cloud with MX Logic buy McAfee buys local e-security company MX Logic introduces enhancements to email and internet security … |
 Canada.com |
Text-message security flaw could leave iphone open to hackers
Telegraph.co.uk A vulnerability in the way Apple's iphone handles text messages could enable hackers to take control of your handset, warn security experts. … Apple To Patch iPhone Security Flaw [UPDATE] Security experts warn of SMS vulnerabilities Apple fixes iPhone flaw that could let hackers take it over remotely |
|
More Australian troops to provide security for Afghanistan's elections
Xinhua CANBERRA, July 31 (Xinhua) — Australian forces in Afghanistan have doubled their capacity with the arrival of a 120-strong combat team to provide security … |
Researchers have identified a new and dangerous banking trojan that can utilise a Windows tool to spread itself to all workstations across an organisation.
Black Hat USA 2009 is history. My two classes of TCP/IP Weapons School 2.0 went very well. I should be back to teach in DC, Barcelona, and Las Vegas next year. Thank you to my students for your positive feedback and cooperation in class! Despite your numbers we had little to no problems and I believe everyone learned something useful. For future classes I will add a table of contents, focus the questions, add more on my personal methodologies, and add more consistent page numbers to the class books. I added two of your comments to my Training page, and I’ll add one other here:
The instructor was great. Very informative and very “in the weeds” for a Director!
That made me laugh.
I recorded my take-aways from the Briefings using my new Twitter.com/taosecurity account. Moxie Marlinspike delivered my favorite briefing. He completely demolished SSL, and he presented the material in a very understandable story. As one attendee commented to me: “he told a story we could all follow, unlike some of the other speakers.” In addition to Moxie, Dan Kaminsky, and Alex Sotirov & Mike Zusman also showed SSL problems.
I paid a decent amount of attention to the “mobile” track this year. The outside world seems to not realize that the iPhone or Blackberry in your pocket is a computer. Some of the vendors don’t think that way either. Apple is becoming the new Microsoft as mentioned by several people this week. Start with the page listing Apple security updates: http://support.apple.com/kb/HT1222. What kind of a URL is that?
Now look for iPhone updates:
Can you spot the problem here? How about more timely updates?
Now select the latest update and search for “arbitrary code execution”. I counted 27 instances. The bottom line is that Apple needs to step up to the plate. How about creating a PSIRT like the grown-up vendors have?
A close second favorite talk was “Fighting Russian Cybercrime Mobsters” by Dmitri Alperovitch and Keith Mularski. That’s the kind of threat-centric talk that everyone can understand. Jeremiah Grossman and Trey Ford again brought it strong with their latest on making money through cybercrime. The last talk I attended, by Bill Blunden, featured an updated version of the slide where he posts my picture, except he used the more recent, grayer-beard photo. Thanks Bill — nice to meet you!
One single malicious text message can knock an iPhone offline, a pair of researchers disclosed at Black Hat.
 Sky News |
Hijacking iPhones and other smart devices using SMS
Register He said he informed Apple's security team of the vulnerability several weeks ago and has yet to receive an official response. The vulnerability is the same … Security experts warn of SMS vulnerabilities Experts find iPhone text-message security flaw Everybody Panic! The iPhone Has a Vulnerability! |
Adobe has issued a security update for Flash Player and AIR to address a number of critical vulnerabilities which could potentially allow an attacker to take control of the affected system.
Jeremiah Grossman and Trey Ford are two of the big brains behind Whitehat Security. Their presentation, Mo’ Money Mo’ Problems: Making a LOT more money on the Web the Black Hat Way, was a graphic example of how bad guys are making money. More importantly, they really pointed out how huge the amounts of money the bad guys are making with minimal technical prowess. The point they made that resonates with me personally is the difference between risk-based security and compliance based security.
Black Hat Microcast 5 – Jeremiah Grossman
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Watch this FREE on-demand webinar to hear how you can build a secure, compliant and cost-efficient IT infrastructure today! We’ll walk you through the top 5 checklist for how to ensure your IT i…
Visitors’ personal information may be compromised, but no risk to UK security.
U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national cybersecurity, Lentz said at Black Hat 2009.
McAfee will acquire MX Logic, one of the few remaining independent email security SaaS vendors, for $140 million in cash in a deal announced Thursday.
 Boston Globe |
US adviser to Iraqi military urges early US exit
The Associated Press Timothy R. Reese wrote that the years-long American effort to train, equip and advise Iraqi security forces has reached a point of rapidly diminishing … US should declare victory and leave Iraq, says top military officer U.S. Army colonel: U.S. should leave Iraq early because of … Memo says Iraqi forces competent; US can leave |
It helps in getting an interview with speakers when the speakers are co-workers. Kevin Stadmeyer and Garrett Held gave a talk called “Worst of the Best of the Best”, taking on the various industry awards and the questioning what goes into giving the awards. Since most of the people in are industry are fairly cynical, we probably aren’t going to be that surprised by the results.
Black Hat Microcast 4 – Kevin Stadmeyer and Garrett Held
By making a simple change, a fake SSL certificate can be created and used to persuade users that it is safe to enter their credit card information on a merchant site.