Black Hat 2011: Special conference coverage

Get updated news, videos and podcasts from Black Hat 2011, the annual hacker and security research event in Las Vegas. And follow our coverage on Twitter: @searchsecurity @mike_mimoso @rwestervelt

Most recent news coverage:

Sophos software design, implementation critically flawed, says researcher
LAS VEGAS – Critical components of endpoint security vendor Sophos LLC’s antivirus engine recently underwent an intense review from a security researcher, and the results – revealed today at Black Hat 2011 – were not kind to the product.

Vulnerability hunter Tavis Ormandy, who by day is an information security engineer at Google Inc., was expected to release his findings in a paper following his presentation at Black Hat, along with a spate of tools used in his dissection of the Sophos engine. Ormandy said his analysis found that Sophos software uses weak or outdated cryptography in the way it builds and matches virus signatures, relies on obfuscation for security too often, and fails to comprehend certain exploitation techniques, among other problems.

Read the rest of the story here.

Table of contents:

Black Hat 2011: Security vulnerability news

Get updates from the 2011 Black Hat conference on the latest security vulnerability news.

Black Hat 2011: Security exploit news

Check out Black Hat 2011 security exploit news and updates direct from Las Vegas.

Related Content

Black Hat 2011: IT security research news

Get the most recent updates on the security research news from the 2011 Black Hat briefings.