RSA Conference 2010: news, interviews and updates

RSA Conference 2010 is a valuable resource for staying educated on the latest advances, threats and emerging trends in the information security industry. Here you will find the most current updates and news on the upcoming RSA Conference 2010, scheduled for March 1-5, 2010 in San Francisco.


RSA Conference 2010

Information Security magazine editors will be in San Francisco to bring you the biggest news stories, interviews and rumors, as well as videos, podcasts and more, so be sure to check back here for updates.



Social networking risks, benefits for enterprises weighed by RSA panel
Social networking risks for enterprises may be outweighed by the benefits, but 2010 RSA Conference experts say infrastructure providers must improve their security and organizations must help users understand social networking's privacy ramifications.



 PCI Council readying end-to-end encryption guidance:
Video: PCI Council general manager Bob Russo said the guidance document will outline the minimum requirements that need to be met by so-called end-to-end encryption products. Other technologies being studied include the use of tokenization and chip and PIN technologies to protect credit card data and how virtualization affects data protection technologies. In this interview, Russo explains whether the next version of PCI DSS will have any major changes and why the Council takes a cautious approach to adding changes to the standard.

  Botnet expert assesses the threat landscape:
Video: Joe Stewart, director of research at SecureWorks Inc., says investigators are getting better at tracking down botnets, but legal issues persist. Stewart discusses the current threat levels presented by botnets, recent attacks from Operation Aurora and the Black Energy botnet, and how to protect your enterprise from DDoS and other botnet attacks.

  Noted cryptographer on SSL, encryption and cloud computing:
Video: Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. The SSL protocol will be updated to prevent man-in-the-middle attacks, but researchers need to find better ways to prevent malware from getting on PCs in the first place, Elgamal said.

  Botnets, malware and capturing cybercriminals:
Video: Malware isn't getting more sophisticated, but cybercriminals have better tools to control their botnets and deploy more targeted attacks, says Gunter Ollmann, vice president of research at Damballa, Inc. In this video, Ollmann explains why it is difficult for law enforcement to track down and prosecute cybercriminals. He describes how modern malware is making its way into corporate networks and why the recent attacks against Google Inc. and other companies lacked any sophistication.

 VeriSign on DNSSEC support:
Video: Joe Waldron, a product manager in VeriSign's Naming (DNS) Group, said engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC). Some upgrades are needed to handle an anticipated increase in bandwidth. Barring any setbacks, VeriSign plans to have DNSSEC deployed across .net by the fourth quarter of 2010 and .com by the first quarter of 2011, Waldron said.

 Security Squad: RSA Conference 2010 in review 
Podcast: The editorial team recalls the themes and discussions that dominated the 2010 RSA Conference. Federal cybersecurity issues ruled with the debut of White House cybersecurity coordinator Howard Schmidt. Microsoft's Scott Charney explained the legal action the software giant took to disrupt the Waledac botnet. Also, attendees showed interest in social networking security. In addition, the convergence of cloud computing and identity management was showcased.

RSA Conference 2010: Microsoft's Scott Charney
Podcast: Scott Charney, Microsoft's vice president for Trustworthy Computing, discusses the software giant's latest legal action to take down the Waledac botnet.

RSA Conference Preview: Former ChoicePoint CISO Rich Baich
Podcast: Rich Baich, who heads Cyber Threat Intelligence Group at Deloitte, shares his thoughts on RSA Conference 2010 and the current threat landscape.



Robert Maley dismissal, in retrospect, not surprising
Security Bytes blog
As first reported last week in The Patriot-News of Pennsylvania and other outlets, Pennsylvania CISO Robert Maley was either fired or resigned under pressure following an appearance at RSA Conference 2010.

FDIC: ACH fraud losses climb despite drop in overall cyberfraud losses
Rise in fraudulent electronic funds transfers indicates an overreliance on authentication, says an FDIC cyberfraud specialist. Small and midsize businesses and their financial institutions suffered about $120 million in losses due to fraudulent EFTs in the third quarter of 2009, up from about $85 million in the third quarter of 2007.

 Experts laud IPS virtual patching, but warn against misuse
Virtual patching with intrusion prevention systems can offer a quick fix for vulnerabilities on an enterprise network, say experts at RSA Conference 2010, but the technique is no substitute for proper system and application patching.

FBI asks for more private-sector help reporting cybercrime cases
FBI director talks about the agency's work to track down cybercriminals, but says it needs help from the private sector.

At RSA Conference, experts dismiss end-to-end encryption claims
Payment industry "buzz" term isn't really reality, say some industry experts at RSA Conference 2010.

PCI tokenization push promising but premature, experts say
Merchants see value in the technology helping to reduce the scope of a PCI assessment, but a lack of standards and complexity issues are a cause for concern.

Static source code analysis turned on its head
Security Bytes blog
Caleb Sima, cofounder of SPI Dynamics, explains how the company's CodeSecure product is different from traditional code analysis tools.

Medical identity fraudsters target health care information, experts say
Health care organizations say medical identity fraud is on the rise and they're boosting their online security with anti-fraud measures used in the banking industry.


Balancing security, business case for consumer products in enterprise
Security managers looking to curb their network risks struggle with employees' desire to use consumer-oriented devices and services like smartphones, USB drives and social media.

RSA Conference panel weighs PCI implications of cloud computing
Security Bytes Blog
Cloud computing takes PCI compliance into unfamiliar territory, but auditors will have to get used to it.

Privacy protection essential in fight against cybercriminals, experts say
The federal government may need to step in to protect the networks of critical infrastructure facilities, but it must respect the civil rights of its citizens, RSA panelists said.

Email authentication methods critical in fight against phishing
Companies need to implement email authentication in order to protect customers against increasingly sneaky phishing attacks, experts say.

Customer gets say during responsible vulnerability disclosure panel
Paying customers are often the overlooked voice in disclosure debates over software vulnerabilities, but during an RSA Conference 2010 panel discussion, one made his presence felt.

Social networking threats put new pressure on healthcare CSOs
Healthcare security managers say their bosses and others are increasing pressure on them to allow access to social networking and other Internet services.

White House declassifies CNCI summary, lifts veil on security initiatives
Summary document outlines ongoing initiatives to improve cybersecurity at the federal level as well as the security of the supply chain and private networks of critical infrastructure facilities.

Companies urged to share data breach information
Sharing breach data with law enforcement is necessary for fighting sophisticated online criminals, panelists say.

RSA panel: No easy solution for Zeus Trojan, banking malware
Security experts say banking malware is an insidious problem that poses difficult challenges.

Shamir acknowledges chip-and-PIN attack as his favorite
Security Bytes blog
Adi Shamir, one of the inventors of the RSA algorithm, discussed chip-and-PIN authentication at the annual RSA Conference Cryptographers' Panel on Tuesday.

Nigerian 419 scam messages are not from Africa, experts say
A study of 419 advanced fee fraud messages found many of them may be coming from cybercriminals in Eastern Europe and Asia.

NSA, cryptoexperts jab at RSA Conference Cryptographers' Panel
A good-natured spat between cryptography pioneers and a former NSA technical director spices up the annual Cryptographers' Panel at RSA Conference.

Microsoft's Charney details new botnet protection, IdM technology at RSA Conference
At RSA 2010, Scott Charney discussed Microsoft's new approach to botnet protection, IdM technologies and cloud computing risks.

Secure cloud concept built on new Intel processor
Security Bytes blog
RSA, along with Intel and VMware, unveiled a proof of concept for creating secure and compliant cloud services at the 2010 RSA Conference.

Cloud Security Alliance releases top cloud computing security threats
The Cloud Security Alliance identifies seven top cloud computing security threats.

Three security themes to watch for at RSA Conference 2010
Endpoint security, virtualized environments and cyberwarfare could be big themes at the 2010 RSA Conference.

Cloud security issues, targeted attacks to be hot-button topics at RSA Conference 2010
Cloud computing concerns will share the spotlight at this year's RSA Conference 2010, with ways to defend against the increasing frequency of highly targeted cyberattacks against corporate networks.



RSA Conference 2009: Special news coverage
For a look back at last year's event, check out news, features and podcasts from the special coverage of RSA Conference 2008.

This was last published in March 2010
