Browsing Author: Chris Brook

Week in Review: Patch Overload and Confronting Mobile Malware

Patches – and plenty of them – took center stage this week as two big software companies shipped substantial updates. Some alarming news also broke regarding the growing number of botnets operating out of the U.S. Read on for the full week in review.


This Week In Security: Stuxnet Redux, Gmail Security and a Monster Patch Tuesday

The Stuxnet buzz continued this week, Adobe took a few steps toward better security and Microsoft announced plans for its largest Patch Tuesday ever. But it wasn’t just Microsoft, Adobe and everyone’s favorite worm grabbing headlines. Read on for the full week in review.


FTP Flaw Could Disable Wide Range of Servers

Categories: Vulnerabilities

An easily exploitable flaw exists that could enable an anonymous hacker to cause a denial of service on many common FTP server platforms, including some public FTP servers run by software giants Adobe and HP, according to a report published by SecurityReason. The vulnerability affects a wide range of FTP servers, including those by OpenBSD (V 4.7), NetBSD (V 5.0.2), FreeBSD (V 7.3/8.1), Oracle’s Sun Solaris 10 and GNU Libc, used by some leading software vendors.

The vulnerability exists in the glob() function, which is used to enable wildcard searches by file names. When exploited, the hole can cause servers to become slow, unresponsive and even crash. According to the report (http://securityreason.com/securityalert/7822) from Maksymilian Arciemowicz, a security researcher with SecurityReason, the error boils down to a problem with GLOB_LIMIT, a component created in 2001 to help reduce memory used by glob(). The faulty GLOB_LIMIT clogs up memory with errant patterns, which leads to the attack.

Arciemowicz said well-trafficked sites such as ftp.openbsd.org, ftp.netbsd.org, ftp.freebsd.org, ftp.adobe.com, ftp.hp.com and ftp.sun.com are all vulnerable to denial of service attacks using the glob() function. Those sites often allow anonymous logins, making attacks even easier.

Unlike previous FTP attacks like Gumblar, which remotely steals credentials, the GLOB flaw does not allow remote code to be executed on the affected system and does not appear to be widespread. A patch has yet to be issued. The H Security has more details about the flaw.


SecTor

Categories: Slideshow

Toronto, Ontario, Canada

Billed as “Canada’s Premiere IT Security
Conference” (they might want to ask the CanSecWest folks about that), SecTor is
an annual security confab that draws some of the top security researchers and
IT professionals from the Great White North and the U.S. to Toronto for
training and a two day conference. Smaller and more mellow than shows like
BlackHat, SecTor offers a great lineup of top tier speakers and sessions
without the insanity of its larger kin south of the border.


Notacon

Categories: Slideshow

Cleveland, Ohio

A hacker con in the truest sense, this
Cleveland, Ohio, based conference takes place in April and combines sessions on
traditional IT security with craftier fare like the convergence of clothes,
fashion and hacking, biomimicry and mimetic engineering. Now in its eighth
year, Notacon says its goal is “to apply technology to
graphics, art, music, or social interaction.”

(Check it out at http://www.notacon.org/ – and PLEASE note that
.ORG!! ;-) )


Syscan

Categories: Slideshow

Asia

One of Asia’s premier security events, Syscan pitches its tent in some of the current and
emerging IT capitals in the region, including Singapore, Hangzhou, Taipei, and
Ho Chi Minh City with top tier security researchers, Black Hat style
presentations, a capture the flag tournament and more.

http://syscan.org/



Hackid

Categories: Slideshow

One of the more interesting trends is the way hacking culture is starting to trickle down from the technology cognoscenti to a far broader and equally receptive audience. Hackid is a great example of that. In its first year ever, Hackid is a conference specifically targeted at kids aged 5 to 17. The show is the brainchild of Cisco cloud specialist Christopher Hoff, who says the idea occurred to him after he brought his own children to the Source Boston show, expecting them to be bored out of their minds, only to watch them have a great time.


Ekoparty

Categories: Slideshow

A mainstay for the Latin American security
community, Ekoparty burst into the limelight this year with a presentation (reported first by
Threatpost.com) on a hole in Microsoft’s ASP.NET technology that could render
the security on millions of Web sites obsolete. Now in its sixth year,
the annual event is held in Buenos Aires, Argentina, and features training
sessions, a two day conference, lock picking, war driving and other hacker
fare. Ekoparty is well worth the trip south of the Equator.


Day-Con

Categories: Slideshow

Dayton, Ohio

When I say “Dayton, Ohio,” what image comes to mind? Hacking, right? If not, then
you’ve never been to Day-Con, the annual Ohio-based hacker con now in its
fourth year. This year’s Day-Con is scheduled for October 22nd and 23rd, with three days
of training preceding the main conference.
