Security Wire Weekly

Debian: A niche OS with a not-so-niche security flaw

cgibney — Fri, 05 Sep 2008 14:34:15 +0000

A recently discovered flaw in the Debian version of Linux meant that any OpenSSL keys generated during the past 20 months could be guessed in a matter of hours. But does the vulnerability suggest broader security issues for Linux? Michael Cobb explores the origin of the flaw and what it means for even the non-Debian users.

Naraine, Roberts on Google Chrome, browser-based exploits and malware

Dennis Fisher — Thu, 04 Sep 2008 21:13:09 +0000

In this episode of the Nameless Security Podcast, Dennis Fisher sits down with Paul Roberts, a security analyst with The 451 Group, and Ryan Naraine, a blogger and evangelist with Kaspersky Labs, to talk about the launch of Google’s Chrome browser, the rash of browser-based exploits, the changing threat model and what the next president can do to address cybersecurity.

SWW: Researcher pushes data sharing

Robert Westervelt — Wed, 03 Sep 2008 19:30:15 +0000

Security researcher Gadi Evron is revitalizing the Botnets mailing list to get researchers to share more raw data with the security community. Evron says information sharing is the key to reducing cybercrime.

Self-Defending Networks in 2008

Robert Westervelt — Tue, 02 Sep 2008 14:17:43 +0000

In this Security Newsmakers Podcast, SearchSecurity.com’s Neil Roiter asks Scott Weiss, vice president and general manager of Cisco’s Security Technology Group and former IronPort CEO, about the state of the self-defending network in 2008 and the impact of the acquisition over the past 18 months.

Rich Mogull on DLP and homeownership

Dennis Fisher — Thu, 28 Aug 2008 19:51:30 +0000

In this episode of the Nameless Security Podcast, Rich Mogull, the founder of Securosis and a former Gartner analyst, discusses the benefits and limitations of DLP products and how life as a disaster medic prepared him for work as a security analyst.

SWW: PCI rules halt WEP, push 802.1x

Robert Westervelt — Wed, 27 Aug 2008 21:25:32 +0000

Bob Russo, general manager of the PCI Security Standards Council explains the changes ahead in version 1.2 of PCI DSS. The use of WEP is being eliminated and antivirus software is required for all operating systems, Russo said.

Countermeasures against targeted attacks in the enterprise

cgibney — Fri, 22 Aug 2008 14:51:40 +0000

Security organizations often struggle to compensate for unknowing employees who fall victim to social engineering attacks. It’s the unenviable job of information security to prevent that from happening. In this tip, Markus Jakobsson details the ills of social data mining and how technology can help thwart attacks that seek to exploit trusted relationships.

Alex Sotirov on Vista memory attacks

Dennis Fisher — Fri, 22 Aug 2008 12:52:29 +0000

Alex Sotirov created quite a stir at Black Hat earlier this month with the paper he and Mark Dowd presented on Vista memory protection attacks. In this episode, he talks about the effect of those attacks, the changing nature of vulnerability research and what lies ahead for application security.

SWW: Security Visualization

Robert Westervelt — Wed, 20 Aug 2008 19:10:06 +0000

Raffael Marty, author of Applied Security Visualization, talks about how security visualization techniques can help improve security decisions. Marty is chief security strategist at log analysis vendor Splunk.

SWW: Open source Web application firewall

Robert Westervelt — Mon, 18 Aug 2008 18:02:17 +0000

ModSecurity, the popular open source Web application firewall is getting a new tool that observes and analyzes application traffic and helps establish accepted behavior. In this special edition of Security Wire Weekly, Ivan Ristic, recognized for his work in building the ModSecurity, discusses his new ModProfiler and the challenges of deploying Web application firewalls. Ristic is vice president of security research at Breach Security Inc.