Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Q&A: Dino Dai Zovi

Dino Dai Zovi has gained a reputation as one of the top Apple security researchers in the industry and is the author of a new book on Apple security, “The Mac Hacker’s Handbook.” In this interview, he talks about the state of Apple security, why the company hasn’t implemented better memory protections and his ‘no more free bugs’ meme.

Inside the Conficker Working Group

From the Internet Storm Center

The mere existence of the Conficker Working Group (also known as the Conficker Cabal) is something of a minor miracle. Security vendors do not have a long history of cooperating with each other, aside perhaps from the antivirus companies sharing samples. But, as an unidentified member of the Conficker Working Group writes in this diary entry [sans.org], the joint effort to stop the spread of Conficker could be used as a blueprint for future cooperative efforts.


From The New York Times, by Saul Hansell
Microsoft is at work on a couple of new technologies that may finally help enterprises unravel the giant ball of yarn that is user identity management. The head of the company’s server and tools business, Bob Muglia, said Microsoft’s Azure technology, as well as a tool called Direct Access in Windows 7, will give enterprises the help they need to make sense of identity management.

From Facebook, by Jeff Williams, Microsoft
When the Koobface worm hit Facebook users last year, the company’s security team scrambled to help affected users reset their accounts and avoid new infections. But the worm has continued to crop up periodically since then, and so the anti-malware team at Microsoft has been helping the Facebook technicians get a handle on the attack.

From Dark Reading, by Kelly Jackson Higgins
In the last couple of years, SQL injection attacks have become the favorite tactic of penetration testers, cyber criminals and script kiddies alike. But some researchers are taking the technique to a new level. At Black Hat Europe later this month, a British researcher will show off a tactic for using SQL injection to take control of the database behind the Web server.

Digital Underground podcast with Dennis Fisher

In this episode, Dennis Fisher talks with Dino Dai Zovi, a security researcher and co-author of “The Mac Hacker’s Handbook,” about the ease of exploiting Mac OS X, the value of vulnerability research and his “no more free bugs” campaign.