TORONTO – The security business is full of different terms and methodologies for describing the threat model. In a presentation at the SecTor conference this week, Chris Pogue, director of Digital Forensics and Incident Response at Trustwave, explained his firm’s simple four-step model for defining cybercrime. “As difficult as people want to make cybercrime, there […]
Every security researcher dreams of the day they can find one master vulnerability that acts like a skeleton key to unlock an entire system. Jeff Forristal, aka Rain Forest Puppy, has found this kind of vulnerability in Android, the wildly popular mobile operating system. The vulnerability involves a feature that is intended to actually help […]
Jeremiah Grossman, founder and CTO of WhiteHat Security, has seen a lot of different types of security attacks in his time. He knows the most common types of attacks aren’t necessarily the ones that have the most risk. In its just-released Annual Website Security Statistics report, WhiteHat Security provides insight into the attacks it saw […]
Secure Sockets Layer/Transport Layer Security is the foundational technology that secures Web transactions and communications, but it is not infallible. New research dubbed Lucky13 reveals that SSL/TLS is at risk from a theoretical timing attack that could expose encrypted data. TLS headers include 13 bytes of data used for the secure handshake protocol, said […]
In the beginning of the virus era, computer users were introduced to the concept of signature-based anti-virus scanners. It’s an idea whose time may well have come and gone. “Since the 1990s people have used signature-based scanners as their primary line of defense,” said Roger Thompson, chief emerging threats researcher at ICSA Labs, a research […]
The Metasploit penetration testing framework has always been about finding ways to exploit IT, in an effort to improve defense. The new Metasploit 4.5 release from security vendor Rapid7 goes a step further than its predecessors, offering a new phishing engine and updated exploit modules. “The phishing engine is part of a larger Social Engineering […]
TORONTO – For the last 35 years, Star Wars has been the cornerstone of mainstream and geek cultural awareness. While Star Wars is a piece of dramatic fiction, many have found inspiration and solace in it that can apply to the everyday real world. According to Kellman Meghu, head of Security Engineering for Check Point […]
As users have moved more of their activities to the Web, fraudsters have followed, devoting more of their attention to creating security threats based on Web applications. The shift from desktop-based threats to Web-based threats is changing the way modern IT security needs to be implemented and managed. Web applications by definition are accessible over […]
In the modern world of web development, there is a set of new and emerging specifications sometimes grouped under the moniker HTML5. One of those specifications is the WebSocket API, which enables two-way communications. WebSockets offer the promise of faster communications than traditional TCP — but according to a pair of security researchers, there is […]
LAS VEGAS – For the last decade, Apache web server users have been able to benefit from the open source ModSecurity Web Application Firewall (WAF). At the Black Hat security conference this week, ModSecurity developers will for the first time make their WAF available for the Microsoft IIS web server as well as the nginx open […]