USENIX HotSec '10 Submission Deadline Approaching

USENIX HotSec '10 Submission Deadline Approaching

USENIX HotSec '10 Submission Deadline Approaching

Posted:

InfoSec News: USENIX HotSec '10 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
I'm writing to remind you that the submission deadline for the 5th USENIX Workshop on Hot Topics in Security (HotSec '10) is approaching.
Please submit all work by 11:59 p.m. PDT on May 3, 2010. http://www.usenix. [...]

Cyberattack on Google Said to Hit Password System

Posted:

InfoSec News: Cyberattack on Google Said to Hit Password System: http://www.nytimes.com/2010/04/20/technology/20google.html
By John Markoff The New York Times April 19, 2010
Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google's crown jewels, a password system that controls access by millions of users worldwide to almost all of the company's Web services, including e-mail and business applications.
The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.
The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.
The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google's that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in one place, popularly referred to as 'cloud' computing, a single breach can lead to disastrous losses.
[...]

Future of SF admin Terry Childs now in jury's hands

Posted:

InfoSec News: Future of SF admin Terry Childs now in jury's hands: http://www.computerworld.com/s/article/9175821/Future_of_SF_admin_Terry_Childs_now_in_jury_s_hands?taxonomyId=17
By Robert McMillan IDG News Service April 19, 2010
Terry Childs' battle to avoid being convicted over what his supporters characterize as a workplace dispute gone wrong is almost over. [...]

Politically Motivated Attacks Could Force Enterprises To Reshape Defenses

Posted:

InfoSec News: Politically Motivated Attacks Could Force Enterprises To Reshape Defenses: http://www.darkreading.com/securityservices/security/cybercrime/showArticle.jhtml?articleID=224400721
By Tim Wilson DarkReading April 19, 2010
An emerging wave of politically motivated cyberattacks is reaching critical mass and threatens to redefine the way enterprises build their [...]

Your BlackBerry's dirty little security secret

Posted:

InfoSec News: Your BlackBerry's dirty little security secret: http://www.csoonline.com/article/591358/Your_BlackBerry_s_dirty_little_security_secret
By Bill Brenner Senior Editor CSO April 19, 2010
Tyler Shields, senior member of the Veracode Research Lab, spends a lot of time picking apart those BlackBerry devices that are ubiquitous across the enterprise. [...]

[Dataloss Weekly Summary] Week of Sunday, April 11, 2010

Posted:

InfoSec News: [Dataloss Weekly Summary] Week of Sunday, April 11, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, April 11, 2010
6 Incidents Added.
======================================================================== [...]

Final CFP: TrustBus'10 -- Deadline Extended

Posted:

InfoSec News: Final CFP: TrustBus'10 -- Deadline Extended: Forwarded from: "M. Carmen Fernández Gago" <mcgago@ (at) cc.uma.es>
** Apologies for multiple copies **
*Call for Papers*
*6th International Workshop on*
*SECURITY and TRUST MANAGEMENT (STM'10)*
Athens, Greece
23-24 September 2010
http://www.isac.uma. [...]

iPad Used To Govern Norway -- But What About Security?

Posted:

InfoSec News: iPad Used To Govern Norway -- But What About Security?: http://www.sci-tech-today.com/news/Brand-New-iPad-Used-To-Run-Norway/story.xhtml?story_id=10000B5ZXF4W&full_skip=1
By Jennifer LeClaire Sci-Tech Today April 16, 2010
Norway Prime Minister Jens Stoltenberg used his brand-new Apple iPad to govern from a New York airport. [...]

Linux Advisory Watch: April 16th, 2010

Posted:

InfoSec News: Linux Advisory Watch: April 16th, 2010: +----------------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | April 16th, 2010 Volume 11, Number 16 | | | [...]

Microsoft wants pacemaker password tattoos

Posted:

InfoSec News: Microsoft wants pacemaker password tattoos: http://www.theregister.co.uk/2010/04/16/pacemaker_security_tattoo/
By Dan Goodin in San Francisco The Register 16th April 2010
A Microsoft researcher has suggested tattooing passwords on patients with pacemakers and other implanted medical devices to ensure the [...]

Security researchers demo Cisco Wi-Fi flaws

Posted:

InfoSec News: Security researchers demo Cisco Wi-Fi flaws: http://www.zdnet.co.uk/news/security-threats/2010/04/16/security-researchers-demo-cisco-wi-fi-flaws-40088653/
By Richard Thurston ZDNet UK 16 April, 2010
Two generations of Cisco wireless LAN equipment contain a range of vulnerabilities, researchers have told the Black Hat security conference. [...]

An infosec revolution in Boston

Posted:

InfoSec News: An infosec revolution in Boston: http://www.csoonline.com/article/590873/An_infosec_revolution_in_Boston
By Bill Brenner Senior Editor CSO April 14, 2010
If your focus is information security, Boston is the place to be next week. A perfect storm of events is brewing, and I've come to anticipate [...]

Taking Penetration Testing In-House

Posted:

InfoSec News: Taking Penetration Testing In-House: http://www.darkreading.com/vulnerability_management/security/management/showArticle.jhtml?articleID=224400589
By Keith Ferrell Special To Dark Reading Apr 16, 2010
Conducting penetration testing in-house rather than using an outside consultant is worth considering for reasons of both cost and security expertise -- but it's also a step not to be taken lightly.
"The advantage of having in-house penetration testers is the focus they provide," says Chris Nickerson, founder of security firm Lares Consulting. "They're able to keep track of the latest exploits and vulnerabilities, constantly monitor systems, and practice and sharpen their skills. But in order to achieve those benefits, they have to be focused. "
Nickerson points out that while some really large enterprises are fielding teams wholly dedicated to testing, for most companies pen tests are only part of the testers' responsibilities. "It's all too common to find penetration tests delayed or put off because the tester has too many other open tickets to deal with," he says.
While even a part-time pen-test specialist on staff can be a step in the right direction, it can also be risky. "The variety of tools available for pen tests today is remarkable, and I pretty much applaud them all," he says. "Metasploit, Canvas, Core, Nessus, and others have spent a lot of time ensuring that installing their agents don't blow the boxes that are being tested. That's the default: Once the agent is installed and it's determined whether or not the exploit works, the agent is uninstalled."
[...]

Career Bobs

Posted by Rohan ingale at 1:17 AM

0 comments:

Post a Comment