OWASP expert Dan Cuthbert – lessons we must learn from LulzSec
September 2011 | Derek Parkinson
A key lesson to be learned from our recent experience of LulzSec is that we are slow to learn from experience, it emerged from a talk given by OWASP project leader Daniel Cuthbert to the Royal Holloway Information Security Group. …
Why injection attacks will be with us for a while yet
August 2011 | Derek Parkinson
Gaps in security that claimed high profile victims such as NATO, HBGary, and most recently NASA according to claims, will continue to plague large organisations because they don’t understand the vulnerabilities in the technology that powers their complex websites, a …
Cisco, Sophos, McAfee warn of global security threats
August 2011 | Derek Parkinson
The increasing diversity of web malware and sophistication of attacks means that organisations must rethink their reliance on signature-based detection and passive or automated responses to threats, warns Cisco in its latest security report. Detections of unique web malware rocketed …
Lessons to be learned from military security
February 2011 | Redaction
A certified SANS instructor, Steve Armstrong will lead the week-long course on hacker techniques, exploits and incident handling at the upcoming SANS event in Barcelona. His career in security includes military service, and leading a team of 12 penetration testers …
Merchants ‘in denial’ over PCI-DSS and credit card time bomb
February 2011 | Redaction
Many companies in the retail and hospitality sectors are simply unaware of the quantity of unprotected credit card data they hold, and are sitting on a security time bomb, forensic consultancy Foregenix has warned. “They just don’t realise how big …
Social engineering hacks to feature at DEFCON
June 2010 | Redaction
DEF CON, one of the world’s largest hacker conventions, will this year include a social engineering contest where delegates will use deceptive techniques to hack into several US companies. The Social Engineering ‘Capture the Flag’ competition, which will run during …
Annual hacking challenge aims for mobiles and browsers
February 2010 | Redaction
The annual Pwn2Own contest next month is to target browsers and mobile phones, with a total cash prize for successful exploits increased to $100,000. The focus emphasises the rising importance of mobile security, and new exploits are almost guaranteed to …
Mobile goldrush pans security
December 2009 | Redaction
Although mobile apps are the toast of the digital community, danger lies ahead, according to experts. Howard Schmidt, ISF President said: “There’s a real focus on mobile at the moment. We’re replacing the laptops that we used to carry with …
‘Nasa hacker’ to be extradited to US
November 2009 | Redaction
Hacker Gary McKinnon is set to be extradited to the US after a last-minute bid by his legal team failed. The UK home secretary rejected claims that the 43-year-old Asperger’s syndrome sufferer would be suicidal if extradited to face charges …
Government cyberwarfare centre set for launch
November 2009 | Redaction
A new cyberwarfare centre is set to launch on 10 March, according to the government. A Parliamentary question revealed that the new Cyber Security Operations Centre (CSOC) will have a staff of 19. CSOC, based at GCHQ in Cheltenham, will …