Web Security

Zombies, Baseball and IT Security

How is defending your network and users from sophisticated cyber attacks like fending off a zombie invasion? Funny you should ask! In an interview with Threatpost Editor Paul Roberts, Josh Corman, the Research Director in the Enterprise Security Practice at the 451 Group, reprises a 2011 RSA Conference presentation he gave with security luminary Alex Hutton, “Metrics are Bunk: The Zombie Apocalypse, Baseball, and Security Metrics.”

Why Pwn2Own Is What’s Right With Security

VANCOUVER — When the Pwn2Own contest began in 2007, it was dismissed by some in the industry as nothing more than a publicity stunt meant to inflate the egos of researchers while embarrassing software vendors. But as the fifth edition of the hacker challenge gets underway at the CanSecWest conference here this week, it has evolved into a display of some of the few things that are actually good and right with the security community.

Opinion: Google’s DroidDream Patch Pushes The Envelope

Google announced plans yesterday to fortify the Android Market in response to the appearance of the DroidDream Trojan, but do the company’s plans cross the line from innovative to intrusive? In a blog post, Kaspersky Labs researcher Timothy Armstrong warns that the search giant’s plans to repair Droid phones without user consent may not pass the sniff test. 

A simple, trivially exploitable persistent cross-site scripting bug on the Google Android Web Market allowed anyone to upload an app that could be used to later run arbitrary code on the user’s Android device. The vulnerability, which Google has patched, enabled an attacker to silently install his malicious app and then get any and all permissions on the device.
