Businesses of all types and sizes stand to benefit greatly from the Internet of Things (IoT), with a wealth of intelligence for planning, management, policy, and decision-making that will help them maximize productivity and efficiency while minimizing costs. However, if not properly protected by integrating it with a solid network security solution, the consequences can be devastating. Read More »
That’s right folks, today is Patch Tuesday and Microsoft has published its monthly security bulletin for August 2013. The bulletins address a total of 23 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, and Microsoft Exchange. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.
The bulk of the August updates correct several vulnerabilities in Internet Explorer. Although little technical information is available currently, it’s likely that attackers may develop future exploits based on the vulnerabilities.
Multiple vulnerabilities correct vulnerabilities in Microsoft Windows. A few of the vulnerabilities involve improper processing of ICMP network packets and could allow for attacks that cause affected systems to stop responding to additional network traffic. Although service failures are a concern for production systems, an exploit would allow no system access. Read More »
My first DEFCON was DEFCON Three, held at the Tropicana Hotel in Las Vegas. The computer security conference scene was much, much smaller back then, but DEFCON had already become THE security conference of the year. Since that time I’ve continued to regularly attend DEFCON, and over the years I have collected some very fond memories of summer computer security conventions past. I remember vividly when the Cult of the Dead Cow celebrated their release of Back Orifice. I recall battling the Las Vegas heat in the large, “air-conditioned” tents at the Alexis Park Hotel. I remember when the NBC Dateline journalist was outed at DEFCON after planning to surreptitiously record attendees confessing to hacking crimes. I remember seeing the authorities hauling away a fake Automated Teller Machine (ATM) that had been installed in the Riviera. Fun times…
DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thousands of domains. Compromising these servers allows attackers to take over domains as a wholesale attack, serving malware from any domain that uses the DNS service.
Read More »
The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The 2013 meeting will focus on the updates to core PCI standards: PCI DSS, PTS PA-DSS.
Getting the latest information about the PCI Data Security Standard (DSS) is vital as products and technologies continue to change at a rapid pace. Being part of the conversations, networking with like-minded professionals, and interacting directly with payment card brands are just a few of the benefits of attending the seventh annual PCI SSC North American Community Meeting. The meeting runs September 24–26, 2013, at the Mandalay Bay Convention Center in Las Vegas, Nevada.