Does Software Security Suffer When the Customer is No Longer Master?

November 22, 2011 Added by:Josh Shaul

When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...

Comments  (2)


The Importance of Software Updating

November 21, 2011 Added by:Emmett Jorgensen

There is software that can scan your network and check for these un-patched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...

Comments  (0)


Registry Analysis with Reglookup

November 10, 2011 Added by:Andrew Case

This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...

Comments  (0)


The Fine Line Between Software Defects and Features

November 09, 2011 Added by:Rafal Los

When we find a bug in software that has the potential for causing security-related issues, we want to convince the business to fix the issue, remediate the problem that we find. Only thing is, while we see it as a security vulnerability the business sees it as a critical feature...

Comments  (1)


Open Source Registry Decoder 1.1 Tool Released

November 02, 2011 Added by:Andrew Case

We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...

Comments  (0)


Effective Software Security Starts and Ends with Requirements

October 28, 2011 Added by:Rafal Los

Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...

Comments  (0)


Gleg releases Ver 1.7 of the SCADA+ Exploit Pack

October 24, 2011 Added by:Joel Langill

On October 20, Gleg released version 1.7 of the SCADA+ Exploit Pack for the Immunity Canvas framework, though this time around, I do not see a lot of unique value in the code updates. Modules of interest in this release represent the bulk of the ICS/SCADA vulnerabilities disclosed in September...

Comments  (0)


Analysis of the October 2011 Oracle CPU Database Patches

October 19, 2011 Added by:Alexander Rothacker

Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new products offerings and acquisitions...

Comments  (0)


The CERT Oracle Secure Coding Standard for Java

October 18, 2011 Added by:Ben Rothke

The CERT Oracle Secure The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...

Comments  (0)


Penetration Testing Tools Update: New Version of EAPeak Released

October 15, 2011 Added by:Spencer McIntyre

EAPeak is a suite of open source tools to facilitate auditing of wireless networks that utilize the Extensible Authentication Protocol framework for authentication. It provides useful information relating to the security of these networks for PenTesters to use in searching for vulnerabilities...

Comments  (0)


BitDefender Internet Security Suite Review

October 10, 2011 Added by:Dan Dieterle

Let’s be honest with each other, what are the biggest problems with securing PC’s? Having an anti-virus and firewall alone will not completely protect you. You have to have your Windows patches installed, applications need to be kept up to date and you have to use secure passwords...

Comments  (1)


Mobile Malware and How to Defend Against It

October 05, 2011 Added by:Dan Dieterle

A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...

Comments  (0)


Backtrack Metasploit Megaprimer

September 28, 2011 Added by:Dan Dieterle

The Metasploit Framework in the Backtrack series is an amazing platform for penetration and security testing. The capabilities are stunning. The problem is the learning curve is kind of steep, especially for new users. For training, look no further than the “Metasploit Megaprimer"...

Comments  (2)


Capturing Logins with Keyscan and Lockout_Keylogger

September 26, 2011 Added by:Dan Dieterle

Sometimes a penetration tester may have remote access to a user’s machine, but he may not have the password, or the user has a very long complex password that would take too long to crack. Backtrack 5′s Metasploit Framework has a utility for capturing keys pressed on a target machine...

Comments  (0)


Auditing vs. Secure Software - An Inconvenient Argument

September 19, 2011 Added by:Rafal Los

You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...

Comments  (0)


Do You Always Need to Install Software Updates?

September 12, 2011 Added by:Cor Rosielle

Whether it is necessary to install an available patch or not is an individual assessment for each company. To determine whether or not this is sensible, we can not blindly and without thinking install any available update. No, to determine that we must use use our brains. Ouch...

Comments  (5)

Page « < 3 - 4 - 5 - 6 - 7 > »