Source: InvisibleThings.org - Posted by Benjamin D. Thomas
The presentation I gave in Washington, D.C., at Black Hat Federal Conference in January 2006. It's about new generation of stealth malware, so called Stealth by Design (SbD) malware, which doesn't use any of the classic rootkit technology tricks, but still offers full stealth! The presentation also focuses on limitations of the current anti-rootkit technology and why it’s not useful in fighting this new kind of SbD malware. Consequently, alternative method for compromise detection is advocated in this presentation, Explicit Compromise Detection (ECD), as well as the challenges which Independent Software Vendors encounter when trying to implement ECD for Windows systems.
A new professional body for information security professionals launched today (Monday 27 February) will help raise the standards of IT security across the UK, leading employers have said. The Institute for Information Security Professionals has won backing from major UK firms, which plan to use it as a benchmark for hiring IT security staff.
Source: NetworkWorld - Posted by Benjamin D. Thomas
A panel discussion involving a group of experts held during DEMO ‘06 in Phoenix last week concluded that the state of security today is not where it should be. But the panelists also had suggestions on how to improve it.
During the conference, which is owned by Network World, former IBMer and consultant John Patrick called together a panel of industry and academic figures to try to answer the question, “Will the good guys be able to stay ahead of the bad guys?� But first Patrick asked the panel to assess the current state of security, and the responses showed that the good guys aren’t necessarily ahead of the bad guys to begin with.
According to our recent Security Staffing survey, IT security executives believe their organizatons are in greater jeopardy due to staffing shortages than their peers that oversee corporate security. Additionally, IT uses flex time and training as a motivator more so than corporate security executives. Corporate security organizations outsource more than IT security departments and the most frequently outsourced positions were security guards and guard management, while IT security were more likely to outsource data back up and biometrics.
Source: Hackaday.com - Posted by Benjamin D. Thomas
Well, we’ve come to the end of my Shmoocon 2006 coverage. The conference wasn’t all presentations though, there were a lot of other fun activities:
The Hacker Arcade featured arcade games that had been modified to generate USB tokens that you could later redeem for prizes. The folks at 757.org modified a skill crane so that it could be controlled from the web. Of course, toys like this at a hacker convention spawned some creative solutions. David Rhodes scripted the skill crane’s web interface so that it would try every possible coordinate pair and ended up with an armful of prizes. Another attendee discovered that the USB tokens weren’t case sensitive and generated a couple hundred thousand prize tokens.
Source: Louisville Geek Dinner - Posted by Benjamin D. Thomas
The purpose of this site is to organize a social networking event for geeks in Louisville and surrounding areas. The geek dinner concept came from listening to London Geek Dinner podcasts. London Geek Dinners have attracted crowds over 175. Hopefully we can pull strong numbers in Louisville.
Who is invited, and what does it mean to be a geek? Wikipedia defines geek as the following, "a person who is fascinated, perhaps obsessively, by obscure or very specific areas of knowledge and imagination." The simple fact is that we love technology. We need a social event where everyone speaks our language for a change. All geeks are invited. Please encourage your geek friends to Signup. The best way to ensure that you will have a good time is to invite other geeks that you know.
Source: New Security Paradigms Workshop - Posted by Ryan W. Maple
NSPW is a unique workshop that is devoted to the critical examination of
new paradigms in security. Each year, since 1995, we examine proposals
for new principles upon which information security can be rebuilt from
the ground up. We conduct extensive, highly interactive discussions of
these proposals, from which we hope both the audience and the authors
emerge with a better understanding of the strengths and weaknesses of
what has been discussed.
Infosecurity Europe 2006 is just around the corner. Taking place at the Olympia in London 25-27 April 2006, it is the most important gathering of security professionals in Europe. At the press conference in London earlier this week, we were introduced to last year’s statistics as well as information about the 2006 conference with many presentations.
Source: Information Week - Posted by Benjamin D. Thomas
Linux supporters have roundly criticized a recent report from the United States Computer Emergency Readiness Team (CERT), which reported that during 2005, Linux and Unix combined had 2,328 vulnerabilities, compared with 812 vulnerabilities for Microsoft Windows.
Linux practitioners say the counts are skewed because they count the same vulnerability each time it appeared last year in any given Linux distribution. By doing this, they say, one bug could actually show up in the list dozens of times, depending on the number of Linux variants it appeared in. The CERT stats also appear to include problems with scripting languages such as PHP or even applications that are not part of the core Linux operating system but instead are used with it.
REcon is a computer security conference being held in Montreal. The conference offers a single track of presentations over the span of three days. Check the conference page for more details.
A three day training course on reverse engineering will be presented by Nicolas Brulez. Two sessions are being made available, both before and after the conference. Check the training page for more details.
