Chris Paget from IOActive is on stage here at Black Hat DC 2007, going ahead with his talk on RFID security issues. He has promised "not to mention a certain three-letter vendor" and made it clear that the talk had to be slightly modified to work around the legal issues.
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
Amidst reports of a worm squirming through a code execution hole in the Solaris 10/11 telnet daemon (in.telnetd), Sun Microsystems has released an inoculation script for systems that might still be unpatched.
Symantec is using the spotlight of the Black Hat DC 2007 conference to pick apart the security technologies built into Windows Vista. On the heels of its exposé of weaknesses in the UAC (user account control) mechanism, Symantec rolled out a Vista security portal with three new research papers discussing legacy threats that affect the brand new operating system.
Black Hat Diary: IOActive's decision to cancel its RFID hacking demo is the main topic of conversation here as white hat hackers ponder the ramifications of a vendor using patent infringement claims to thwart legitimate security research. The company at the center of the storm, HID Global, issued a statement acknowledging that it may be possible to clone a proximity card but insisted it "did not threaten" IOActive researcher Chris Paget to nix the presentation.
Another Black Hat conference, another vulnerability disclosure brouhaha. IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal brick wall.
David Litchfield's ongoing assault on Oracle databases has unearthed a new method of exploiting PL/SQL injection vulnerabilities. Litchfield, co-founder and managing director at NGSS (Next Generation Security Software), plans to discuss the new technique at the Black Hat DC 2007 conference later this week.
Earlier this month at the RSA conference, I got a chance to see a demo of Immunity's Silica, a $3600 handheld device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
Mozilla has rolled out a major security update to fix a total of seven vulnerabilities in its flagship Firefox browser. The batch of patches applies to users of Firefox 18.104.22.168 and Firefox 22.214.171.124 (Windows, Mac, and Linux).
Firefox 126.96.36.199 as a high-priority browser
Security researchers at eEye Digital Security have found what is believed to be the first remotely exploitable vulnerability in a Microsoft Office 2007 application.