Nitol versus Michelangelo: the supply chain is much more than the production line.
AMTSO's discussions on its own new directions, and updates to its testing-related resources.
Why you really might prefer to pay for AV security. Free Fall or Free-for-All?
The paper by Julio Canto and myself on the use and misuse of multi-scanner malware-checking resources like VirusTotal is now available.
WPS, Reaver, and what you can expect from anti-virus by way of vulnerability scanning
Many companies and sites offering support are basing their appeal to visitors to their web sites on bona fides that are pretty difficult to verify.
David Harley is taking part in the keynote session (11.00-12.00 EST) on "APT: Real Threat or Just Hype" at US Infosecurity's Virtual Conference on November 8th.
A new conference paper, two conference presentations, and an article for SC Magazine.
...the finding that 52% of respondents felt that increased use by their employees of social media had resulted in an increase in attacks from malware seems to me both interesting and significant...
You may have noticed a lot of excitement about Facebook's latest attempts to prune your privacy, and you'll probably see more commentary on this blog. Here's something a little different: a good old-fashioned chainletter that seems to be flourishing despite all its logical flaws. The story is at SC Magazine's Cybercrime Corner, to which I
SSL isn't hopelessly broken, but the widespread use of TLS 1.0 means that SSL cannot be regarded as fully "secure"
Róbert Lipovský and I put our heads together and posted a joint article to SC Magazine's Cybercrime Corner on "Dead Certs?"
As you might expect, I don't by any means agree that AV is a dead parrot, though I'm not going to claim that it detects everything (or anywhere near that) either.
…but it doesn't necessarily want you to be free. Since Cameron Camp and I have written here and here about the implications of the UK government's meditations on curbing civil unrest by curbing social media services, it's interesting to see that the estimable Kim Davis, who previously categorized UK Prime Minister David Cameron's pronouncements as bluster, has also
You may be aware that Cameron Camp and I regularly write articles for SC Magazine's Cybercrime Corner: here's a catch-up list of the most recent, in the hope that you might find them of use and interest. At any rate, it'll give some idea of the range of content covered. Ten years later, still the same
...I realize that it looks a little self-obsessed to keep writing about comment spam relating to your own blog...
What we're lacking here is a clear differentiation between types of "hacktivist" or, indeed, "activist": much of the commentary that's around at the moment seems to assume that all hacktivists are the same.
"Infrastructure Attacks: The Next Generation?" now includes the speaker notes, which hopefully makes it more interesting and useful.
...the 'next Stuxnet' probably won't be any such thing, whatever we may choose to call it...
In the absence of any detailed information from the IMF itself, it's not surprising that most of the surmise around the attack is based on internal IMF memos quoted by Bloomberg, and much of it is rather tenuous.