-
Hacking Hotel Keys and Point of Sale Systems at DEFCON
LAS VEGAS. Guests in hotels around the world make use of magnetic stripe-based key cards to gain access to their rooms. According to Weston Hecker, senior security engineer and pentester at Rapid7, all of those cards pose a security risk as there are weaknesses that could enable an attacker to modify cards for malicious purposes. […]
-
The Black Hat Kaminsky DNS Flaw: Eight Years Later
In the summer of 2008, my Black Hat USA experience was dominated by a single topic, from a single speaker, Dan Kaminsky and his big DNS flaw. On July 8, 2008, Kaminsky made a big splash announcing that he had found a huge flaw in the internet and that he had brought together the […]
-
Where Should Security Keys be Kept in the Cloud?
The use of cryptographic keys is a linchpin of modern security. When it comes to the cloud, there is some debate as to where those keys should exist and how their placement impacts cloud security. Andy Ellis, chief security officer at Akamai, has his fair share of experience building and deploying key management infrastructure and […]
-
How Does Security Impact Employee Productivity?
Security is a requirement for modern organizations that must protect their technology assets and corporate data against attacks. But what impact does security have on users within organizations? That’s one of many questions Dell addresses in a new study. Dell sponsored the July survey of 460 IT professionals and 301 full-time business users. One top-line […]
-
IoT ‘Security Hopscotch’ Is No Game: Chris Roberts
Chris Roberts has been in the news a lot this week, for all the wrong reasons. Roberts was banned from United Airlines after tweeting on a flight about his theoretical ability to hack into a plane’s WiFi system. FBI agents detained him for an interview after his flight, and there is now a federal advisory […]
-
DefCon: Advice on Evading Black Helicopters
In the modern post-Snowden world, the idea that we’re all constantly being watched is not as farfetched as it once was. But how does an individual who thinks they are being watched all the time avoid being watched? Speaking at last week’s Defcon security conference, Philip Polstra, associate professor of Digital Forensics at Bloomsburg University […]
-
SaaS Security Risks: It’s the Users, Stupid
Software-as-a-service (SaaS) applications offer organizations convenience and constant feature refreshes without the need to install and deploy software on-premises. But SaaS also brings a host of security concerns that could open an enterprise’s data to attack. At the Black Hat USA conference in Las Vegas this week, security researchers from Adallom will present a workshop […]
-
How to Reduce Use-After-Free Memory Risk
Look at any recent security update from Microsoft, Google or Mozilla and you will find use-after-free memory errors. These vulnerabilities enable attackers to take advantage of allocated memory after it has already been used. Attackers can potentially leverage that memory space to execute arbitrary code. “We’re seeing more use-after-free memory attacks than we ever have […]
-
How Was SQL Injection Discovered?
SQL injection has become the scourge of the Internet era. Year after year, it is cited as one of the top security vulnerabilities on the Internet, responsible for countless data breaches. Jeff Forristal, also known by the alias Rain Forrest Puppy, was one of the first people to ever document SQL injection. Forristal, now the […]
-
Apple Secures Mac OS X with Mavericks Release
Apple updated its OS X desktop and server operating systems this week with the 10.9 Mavericks release. Mavericks includes over 200 new features and a long list of security updates. Most of the security components in the Mavericks release are not currently available in the most recent OS X 10.8 update, which provides a […]
IT Security Resources
Top Cybersecurity Companies
Top 10 Cybersecurity Companies
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis