With a reported 17,000 people flocking to Europe's largest security conference this week, there is no doubt that the industry is expanding vastly. Here, you’ll find hundreds of vendors, a variety of workshops and a range of sessions for professionals in the field, no matter what level. From technical insights to business risks, the events is a great...

The recent ‘Logjam’ attack shows that a well-funded intelligence agency might be able to crack 1024-bit Diffie Hellman keys (at least if the same group is used by many systems). When using RSA, cracking 1024-bit keys may not be beyond the most powerful adversaries either. There are two solutions to this problem. The first is to simply use longer...

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages. Trends, of course, come and go, and keeping up with what is currently the most in-demand...

I’m happy to report that the first ever Tripwire VERT capture the flag contest was a huge success. With competitors registered from across the globe, our vulnerable application saw thousands of connections coming from dozens of unique addresses along with a non-stop flood of flags, questions,and...

For some reason, Europe’s ‘The Final Countdown’ was playing in my head as I sat and pondered this write-up. I suppose that’s fitting given that we are about to cross the 60-day mark until Windows Server 2003 goes End-of-Life. The concept of product EOL can be confusing, especially given the frequent cross-contamination that exists within Microsoft...

While we're all collectively struggling with how to internalize Logjam, a high-profile vulnerability that doesn't have a catchy logo, I'd like to take those who are interested aside for a moment to consider how we might talk about the threat this vulnerability poses. I'll start with some basics, but if you want more technical details, the Tripwire...

During my career, I have built and managed hundreds of production-level client and server systems, and nothing can be more worrisome than when it comes time to apply patches and upgrades to software. Why? Because things can, and often times, do go wrong during patch and upgrade cycles. According to a few reports, it is possible that system...

Last week, we published a list of the top 10 conferences in information security. In our article, we strove to include some of the biggest events in the industry. But realizing that we likely missed a few, we invited you – our readers – to write in and let us know of the conferences you feel should have made the list. Thank you to those who provided...

On Friday May 15th, a Canadian news outlet published a copy of the application for a search warrant filed by the FBI after Chris Roberts was removed from a United flight for tweeting about hacking a plane. If you’ve never read a search warrant for electronic devices, it’s an educational read. The purpose of the warrant was to allow the FBI to search...

It seems more and more companies are beginning to understand the benefits of running a bug bounty program, encouraging vulnerability researchers to report security flaws responsibly (for a reward) rather than publishing details on the web or selling a flaw to potentially malicious parties. The latest high profile firm found running a bug bounty is...

Updated at 8:30 AM PST. A security researcher has discovered a new vulnerability that he claims could allow a hacker to infiltrate potentially every machine on a datacenter’s network, leaving millions of virtual machines vulnerable to attack. According to CrowdStrike Senior Security Researcher Jason Geffner, ‘VENOM’ (CVE-2015-3456), which is an...

Today’s VERT Threat Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-614 on Wednesday, May 13th. MS15-043 VBScript ASLR Bypass CVE-2015-1684 VBScript and JScript ASLR Bypass CVE-2015-1686 ...

Many of us have embraced the “shopping online is not safe” mentality, or at least held that mindset for a time but today, shopping locally has become (arguably) more dangerous than shopping online. When comparing current security issues, one might have a hard time choosing between risking shopping over a potentially unsafe server connection to that...

The best things in life may be free but in software, that statement isn't so true. A free database based on the code of one of the most popular enterprise databases around sounds like a great deal, but it can quickly turn into a nightmare. With data breaches becoming ever more common, storing data in...

Now more than ever, it’s evident cybersecurity risk oversight at the board level is essential to keep any business or organization afloat – and off the headlines. However, despite the abundance of data breaches and high-profile cyber attacks, C-level executives still lack understanding of these cyber risks, as well as confidence in their...

"The more I learn, the more I realize how much I don't know.” – Albert Einstein Being involved in information security is intimidating. Not just because you are dealing with complex technology with serious implications if you fail, but everyone around you is going to be smarter than you. Even your adversaries. Especially your adversaries. Get...

You know what I don’t want to talk about any more? Responsible disclosure. The problem is that, as old as that discussion is for information security, it and the adjacent topics, remain relevant for many other industries. There’s a good chance you caught the media coverage of a recent incident...

In ages past, invading armies would poison the water source – usually a well – of a city in order to reduce the fighting capability of the enemy or to force the populace of a city under siege to surrender. This method was usually successful because an invader could have a devastating effect on a very large population with minimal yet targeted effort...

Plenty of people these days are prepared to augment their bodies with face furniture, piercings, rings and tattoos. But would you implant a chip in your hand to show how easy it is to exploit an Android phone? That's what former US navy petty officer Seth Wahle did, in an attempt to demonstrate how business networks could be compromised. Wahle took...