security

CNET News Daily Podcast: Journalist-on-journalist hacking at Black Hat

In what's being regarded as a total breach of professional ethics, three reporters from Global Security Mag were removed from the Black Hat security conference in Las Vegas on Thursday after attempting to expose the usernames and passwords of two reporters in attendance, including a CNET News employee. The magazine was a co-sponsor of the event, but the three parties responsible were asked to leave and barred from all future events, including this weekend's DefCon. For more detail, see the accounts from CNET News' Elinor Mills and Robert Vamosi who are in Vegas now.


Column: Raising Cain at Black Hat

LAS VEGAS--On the second day of the Black Hat security conference, a trio of journalists turned on other journalists within the press room.

This was my ninth Black Hat in nine years, and I have lived in dread year after year that such a headline would affect me. On Thursday, CNET News was named as one of the two organizations "hacked," but I disagree that any such hack occurred.

Just before noon on Thursday, a trio of reporters from Global Security Mag sat in one of the two press rooms at Black Hat. Both rooms have a wired …

Facebook's new worm turns your friends into enemies

Facebook has a worm. It was bound to happen: As the web increases in popularity, it was just a matter of time before security bad guys started targeting web applications in earnest. Recent research from IBM suggests that the pace of security vulnerabilities on the web is accelerating.

This particular worm on Facebook is highly insidious:

The worm spreads when a compromised user's account is used to send messages to others with a title such as "LOL. You've been catched on hidden cam, yo:" and a link to a random URL. The linked website is a …

Facebook responds to security warnings

Facebook security chief Max Kelly has assured members in a blog post that the social network is "fighting the good fight" when it comes to several malware attacks discovered on the site in recent days.

"We spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on walls urging users to view a video that pretends to be hosted on a Google or YouTube Web site," Kelly wrote. "Less than .002 percent of people on Facebook have been affected, all of whom we notified …

Black Hat expels reporters in network snooping

Robert Vamosi of CNET News co-wrote this story.

Updated 10:30 p.m. with comment from Brami.

LAS VEGAS--Three journalists for a French security magazine were kicked out of the Black Hat security conference after they allegedly sniffed the press room computer network on Thursday.

The journalists work for Global Security Mag, which was a media sponsor of the event. Two of the men, Dominique Jouniot and Mauro Israel, could not be reached for comment.

The third, Marc Brami, director of the magazine, told CNET News later that he blamed Israel for the incident, which Brami described as "a …

Microsoft to seek credit for finding vulnerabilities

LAS VEGAS--Microsoft is jumping into the responsible disclosure game.

The company announced at the Black Hat security conference on Thursday that it is formalizing its program of informing third-party software vendors of security problems with products that run on top of Windows.

"We've seen the threat environment change," said Andrew Cushman, who runs the Microsoft Security Response Center.

Vista is more secure than XP and has fewer infections, he said. In addition, there are an increasing number of third-party exploits, and fewer browser-based exploits than in third-party software, he added.

The MSRC already reports vulnerabilities to other …

This Christmas, your company's getting an iPhone in a box

George Ou (yes, that George Ou!) has an interesting preview of David Maynor's (yes, that David Maynor!) presentation tomorrow at DEFCON 16.

The horny one doesn't know if David's ingenious idea was inspired by the dick in a box, but to riff on a theme:

1) Get a box

2) Put a hacked iPhone attached to an external battery and running reconnaissance or penetration (ahem) tools in the box

3) Mail the box to your girl some company

4) Penetrate (the Macalope said "ahem" already!) said company

And that's how you do it!

While …

Wall of Sheep comes to Black Hat

LAS VEGAS--How confident are you when using your laptop at a conference?

For years, a group called Wall of Sheep has been showing attendees of Defcon when their network connections are insecure. The Wall of Sheep board has been a fixture at Defcon, Black Hat's sister conference set to begin tomorrow at the Riviera Hotel and Casino. The board displays the names (with some identifying information obscured) of those connecting to the Internet in insecure ways. The idea is both meant to shame and educate users on best practices.

"If the 'Best of the Best' in security can …

CNET News Daily Podcast: What's on hackers' minds at Black Hat?

Hackers have descended on Vegas in full force for the annual Black Hat security conference. What's on their minds? CNET's Robert Vamosi called in from Sin City and talked with CNET News' Leslie Katz.

Plus, someone claims to have found a mechanism on the new iPhone software that would let Apple remotely remove blacklisted applications from your phone. Is Apple trying to play "big brother" or simply save consumers from malicious apps that slipped through the cracks?

Today's stories:

Black Hat a sure bet to be big, bold in Vegas

Is Check Point's security profile the broadest?

Recent Enterprise Strategy Group research points to two evolving trends:

Information security practices are merging into other IT areas, such as regulatory compliance and IT operations.

Enterprise users are leaning toward integrated security suites rather than "best of breed" security products.

With these trends in mind, it is safe to assume that the market advantage goes to security vendors with integrated product portfolios that cover security, compliance, and IT operations. Firms like EMC's RSA Security, McAfee, and Symantec are betting on this happening soon, but these industry heavyweights are not alone.

Case in point: Check Point Software …