Most recent news coverage:
Sophos software design, implementation critically flawed, says researcher
LAS VEGAS – Critical components of endpoint security vendor Sophos LLC’s antivirus engine recently underwent an intense review from a security researcher, and the results – revealed today at Black Hat 2011 – were not kind to the product.
Vulnerability hunter Tavis Ormandy, who by day is an information security engineer at Google Inc., was expected to release his findings in a paper following his presentation at Black Hat, along with a spate of tools used in his dissection of the Sophos engine. Ormandy said his analysis found that Sophos software uses weak or outdated cryptography in the way it builds and matches virus signatures, relies on obfuscation for security too often, and fails to comprehend certain exploitation techniques, among other problems.
Table of contents:
Black Hat 2011: Security vulnerability news
Get updates from the 2011 Black Hat conference on the latest security vulnerability news.
Black Hat 2011: Security exploit news
Check out Black Hat 2011 security exploit news and updates direct from Las Vegas.
Black Hat 2011: IT security research news
Get the most recent updates on the security research news from the 2011 Black Hat briefings.
Video interviews from Black Hat
Black Hat 2011: SSL is broken, researcher says
Black Hat 2011: Drive-by attacks can cause Android priv
Black Hat 2011: Database threats and mitigations
Black Hat 2011: SIM rule maker on attacks and defenses
Attack vectors, vulnerabilities and malware analysis
Vulnerability mitigation study
Mozilla security chief on Firefox improvements
Attackers are turning to mobile platforms
Dan Kaminsky on DNS, Web attacks