Latest news
Automated hacking
The automatic tools that are available online save the attacker the trouble of studying attack methods and coming up with exploits to applications’ vulnerabilities. An attacker can just pick a set of automatic attack tools from the ones that are freely available online, install them, point them at lucrative targets, and reap the results.
In this video, Rob Rachwald, Director of Security Strategy at Imperva, talks about how attackers are using automation to carry out attacks on web applications. Rob talks about Imperva's research into the most frequently used automated tools and also discusses how you can identify automated hacking.
Hardening Windows processes
Didier Stevens is an IT security consultant working for a large financial corporation in Belgium.
In this video recorded at Hack in The Box 2012 Amsterdam, Didier talks about hardening Windows processes and he discusses Microsoft's Enhanced Mitigation Experience Toolkit (EMET) as well as his own tool - HeapLocker.
Monitoring the quality of SSL support
Ivan Ristic, Director of Engineering at Qualys, talks about SSL Pulse - a continuous and global dashboard for monitoring the quality of SSL support across the top one million web sites.
Investigating Android permissions
Georgia Weidman is the founder of Bulb Security. She's also a penetration tester, security researcher, and trainer.
In this video recorded at Hack in The Box 2012 Amsterdam, Georgia talks about Android permissions. She dissects the permissions granted to a very popular application and talks about the various implications that not only invade your privacy but can actually cost you money. She also offers tips on how to protect yourself.
Make your pentester work harder for his money
In this video recorded at Infosecurity 2012, Wolfgang Kandek, CTO at Qualys, talks about their recent research dealing with Java.
Many modern exploits use Java as a stepping stone to gain access to a system. While this has been common on computers running Windows for some time, recently Mac OS X users have become targets as well.
Spotlight

Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.

Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.

Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.

A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.

The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.