Adobe's Brad Arkin discusses the company's struggle to protect Reader, Acrobat and Flash, including how the company interacts with researchers and its new partnership with the Microsoft Active Protections Program.
Jim Reavis, cofounder of the Cloud Security Alliance, discusses the group's first user certification, the Certificate of Cloud Security Knowledge (CCSK), the state of cloud security awareness among enterprises moving services and processes into the cloud, and how IT organizations should address security and compliance in the context of cloud computing.
Black Hat 2010: Greg Hoglund on malware attribution and fingerprinting
Greg Hoglund, founder of HB Gary Inc., presented his work on malware attribution and fingerprinting today at Black Hat in Las Vegas. In this interview, Hoglund talks about his research into how best to trace malware to its author by examining toolmarks left by the hacker within code.
Attackers are turning to mobile platforms, researcher says
In this interview, Mikko Hypponen, chief research officer at F-Secure Corp., talks about what he sees as the coming mobile security threats. He says money-making malware is already infecting some smartphones, but all platforms are at risk.
Black Hat 2010: Microsoft on bug disclosure, new security tool
Dave Forstrom, director of Microsoft's Trustworthy Computing, discusses Microsoft's "responsible disclosure" announcement, bug buyback programs and several other Black Hat 2010 announcements. Also, Brad Arkin, senior director of product security and privacy for Adobe Systems Inc., explains the company's decision to partner with Microsoft through its Active Protections Program to give vulnerability data to security vendors prior to pushing out a patch.
Black Hat 2010: Mobile app threats
Kevin Mahaffey and John Hering of mobile security vendor Lookout Inc. explain their latest project, the App Genome Project, a study of 300,000 smartphone applications. The study findings are being released this week at Black Hat 2010. The two researchers said mobile applications pose a major threat and predict they will be the next big attack vector for cybercriminals.
Security Wire Weekly podcast: Black Hat 2010 Preview
SearchSecurity.com editors Michael Mimoso and Robert Westervelt discuss this week's Black Hat conference. Also, Caleb Sima of Armorize Technologies on a sensitive Black Hat talk that has been canceled.
Interview: Security researcher, Felix "FX" Lindner
Felix "FX" Lindner, lead security researcher at Germany-based Recurity Labs, talks about a new Mozilla Firefox tool he developed that cleans SWF files, making it difficult for attackers to target Flash vulnerabilities. Lindner plans to unveil the tool at Black Hat 2010 in Las Vegas. In this interview, he also talks about the difficulty of conducting security research under Germany's strict cybersecurity laws and his previous research on bar code scanner software vulnerabilities.
In this interview conducted at Black Hat 2010, Kaspersky Lab chief security expert Vitaly Kamluk discusses the underground market for both botnet operations and software designed to trick security vendor researchers and weaken antivirus detection.
Black Hat: Researchers poke holes in HTTPS, SSL Web browser security
Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack.
Black Hat: Poor SCADA systems security 'like a ticking time bomb'
An analysis of 120 security assessments at power plants, oil and chemical refineries and other critical systems revealed tens of thousands of security vulnerabilities, outdated operating systems and unauthorized applications.
Researchers uncover Cisco firewall vulnerabilities, McAfee console flaws
While vendors have released patches for the flaws, SecureWorks researchers told Black Hat 2010 attendees that many enterprises place too much trust in their security systems and fail to check them for basic vulnerabilities.
Black Hat: Targeted network security attacks beating forensics efforts
Targeted attacks are having little difficulty bypassing traditional security defenses and forensic investigations, two researchers revealed at Black Hat 2010.
Black Hat: DHS calls for attitude adjustment
Wednesday's Homeland Security keynote included the tried-and-true plea for greater public-private partnership to secure cyberspace, yet served to challenge those who think securing the Internet is a lost cause.
Microsoft seeks true 'responsible' vulnerability disclosure
In an interview at Black Hat 2010, the software giant said it doesn't see the need to join Mozilla and Google in paying security researchers who discover bugs in its products. It also announced a new mitigation toolkit and a partnership with Adobe.
Mobile threats, SSL weaknesses, Web application bugs at Black Hat 2010
Security researchers converge on Las Vegas to demonstrate vulnerabilities and threats to critical infrastructure, mobile devices and Web-based applications.
Complacency over VPN security and management unacceptable
New research from NCP Engineering points out that companies are complacent about VPN security configurations, and poorly managed VPNs are often at the heart of large data breaches.
Armorize's Huang cancels Black Hat China talk
A Black Hat 2010 presentation on the hacking community in China was canceled at the request of the Taiwanese government. A new talk will focus on drive-by attacks.
Black Hat 2010: Study tests SSL protocol use, finds SSL errors
Ivan Ristic of Qualys Inc.'s SSL Labs is studying thousands of SSL implementations to document configuration errors and protocol issues.
Black Hat 2010: New Firefox tool to clean Adobe Flash file errors
Browser-based add-on, Blitzableiter, cleans SWF files prior to running on a user's computer. The tool will be released at Black Hat 2010 in Las Vegas.
BLACK HAT LAS VEGAS 2009
For a look back at last year's event, check out news, features and podcasts from SearchSecurity.com's special coverage of Black Hat Las Vegas 2009.