Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Have We Lost the Desktop Security Battle?

For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But the good news is that the desktop security battle may be over.

Practical Return-Oriented Programming

In this video from the SOURCE conference in Boston, security researcher Dino Dai Zovi discusses the details of return-oriented programming and the ways in which it can be used to exploit vulnerabilities.


Google has released a new online training course for Web application developers designed to teach them how to avoid common programming mistakes that lead to vulnerabilities such as cross-site scripting, cross-site request forgery and others.

Dennis Fisher talks with Didier Stevens, the security researcher who developed the innovative method for using the /launch command in PDF readers to execute code on remote machines. Stevens discusses the ramifications of the discovery, the security of PDFs in general and the user behavior that makes these attacks more effective.

The criminals behind the Gumblar botnet and malware campaign have been adapting their techniques, as attackers are wont to do, in order not only to evade detection but to prevent researchers from downloading and analyzing new versions of the malware.

In the space of a given year, untold thousands of vulnerabilities are found in operating systems, applications and plug-ins. In many cases, the affected vendors fix the flaws, either with a patch, a workaround or some other mitigation. But there’s also a huge population of security bugs that vendors never fix because they’re deemed unexploitable, an assumption that may be turning into a serious mistake for software makers.