Core Security Technologies said Monday that it has discovered vulnerability in VMware's desktop virtualization software that allows an attacker to gain complete control a system and launch executable files on the host operating system.The discovery is notable given that virtualization security is largely uncharted territory.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Two days after news of the Vocera Wi-Fi VoIP communicator PEAP security bypass vulnerability, I received confirmation from Cisco that their model 7921 Wi-Fi VoIP phone is also vulnerable to the same issue where digital certificates aren't cryptographically verified. Both Cisco and Vocera have told me that they intend to fix future implementations of PEAP and do the necessary steps to ensure certificate authenticity.
Microsoft Security guru Michael Howard gave a spirited defense of Jeff Jones' research and had one big message: Microsoft has admitted it has security problems. What about the rest of the industry?
Computer encryption technologies have all relied on one key assumption that RAM (Random Access Memory) is volatile and that all content is lost when power is lost. That key assumption is now being fundamentally challenged with a $7 can of compressed air and it's enough to give every security professional heart burn.
Day 2 is done and Black Hat is wrapped up. The second day of talks was power-packed with some really great presentations.
Update 2/23/2008 - Cisco confirms vulnerability in 7921 Wi-Fi IP phoneSecurity conscious businesses and organizations who implemented 802.1x/EAP enterprise-grade authentication are at risk with certain implementations of wireless LAN VoIP handsets.
Day 1 at Black Hat brought some outstanding talks. The day started off with David Hulton (aka h1kari, also the producer of ToorCon) and Steve (from THC), who presented on "Cracking GSM".
The proposed 3Com takeover has hit another snag with the Committee on Foreign Investment in the United States (CFIUS).In a statement Wednesday, 3Com said Bain Capital Partners and Huawei Technologies have withdrawn their filing with the CFIUS regarding their proposed merger.
Microsoft outlined what it does with incoming vulnerability research, how it designates flaws and playing the cloak-and-dagger game with hackers.In a Q&A with Ryan Naraine, Jonathan Ness, the lead software engineer on Microsoft's SWI Defense team, addressed a big emerging issue between the software giant and security researchers: Who has the onus to reproduce the flaw?
Gene Hodges, CEO of Websense, has had a busy year. The company has integrated the acquisition of SurfControl, built out its security suite and delivered strong financial results.