When I reported on the Vocera certificate security bypass flaw, SecurityFocus picked up on it and created Bugtraq ID 27935 to warn their customers about the vulnerability. I dropped a note to Secunia about the flaw but they seem to believe that a flaw is only a flaw if it was accidental and not an irresponsible design choice.
Finjan said it has uncovered a database with more than 8,700 FTP account credentials--user name, password and server address--that allow hackers to compromise security and deliver malware as a service. In a report released Wednesday, Finjan said the list of stolen accounts includes many Fortune 500 type companies.
It didn't take long for VMware to answer the security bell. The company on Wednesday announced a technology called VMsafe that aims to integrate security software with the hypervisor--the linchpin of virtualization software.
McAfee has unearthed a Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can't be uninstalled and makes itself your home page. According to McAfee's Avert Labs blog, the Trojan has been discovered in China.
CAPTCHAs sound like a great idea. Give humans a little test to verify they aren't machines, verify an account and thwart hackers.
Core Security Technologies said Monday that it has discovered a vulnerability in VMware's desktop virtualization software that allows an attacker to gain complete control of a system and launch executable files on the host operating system. The discovery is notable given that virtualization security is largely uncharted territory.
Two days after news of the Vocera Wi-Fi VoIP communicator PEAP security bypass vulnerability, I received confirmation from Cisco that their model 7921 Wi-Fi VoIP phone is also vulnerable to the same issue where digital certificates aren't cryptographically verified. Both Cisco and Vocera have told me that they intend to fix future implementations of PEAP and do the necessary steps to ensure certificate authenticity.
Microsoft Security guru Michael Howard gave a spirited defense of Jeff Jones' research and had one big message: Microsoft has admitted it has security problems. What about the rest of the industry?
Computer encryption technologies have all relied on one key assumption: that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air, and it's enough to give every security professional heartburn.
Day 2 is done and Black Hat is wrapped up. The second day of talks was power-packed with some really great presentations.