Four Security Exhibits That Won Without “Booth Babes”

After last week's post on RSA Conference banning so-called booth babes, I heard from a lot of people who agree vendors need to find other ways to attract attention during security conferences. One reader correctly noted that this unfortunate phenomenon isn't the result of bad intentions. It's just that some marketing teams don't know any better. They assume the booth babes work because they see others using them. What to ...


RSA’s Move to Ban Booth Babes

The language above has been added to exhibitor contracts for RSA Conference 2015. Zenobia Godschalk, a communications practitioner in the security industry and vocal critic of so-called "booth babes" at conferences like RSA and Black Hat, dropped me a line to say RSA added the language to force vendors to stop with the skimpy clothing. It appears the years of blowback over booth babes have had an effect, at least in ...


What “Hug-Gate” Says About The Infosec Community

Every once in a while, someone in the security community says something on Twitter that ignites emotional discussion (some call it drama). This past weekend, it started with a comment about hugs. Someone commented that some security cons involve a lot of hugging and that it makes her uncomfortable. Someone responded with a comment about the benefits of hugs. Then all hell broke loose. Why, the first person asked, do people ...


New Adobe Flash Vulnerability – CVE-2015-0313

Oh, joy. Adobe has put out yet another security bulletin for vulnerabilities in Flash. Details: Security Advisory for Adobe Flash Player. Release date: February 2, 2015. Vulnerability identifier: APSA15-02. CVE number: CVE-2015-0313. Platform: All Platforms. Summary: A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected ...


3 Books that Changed My Life

The following is cross-posted from the Security Uncorked blog... My friend Jennifer Minella is doing a series where she asks folks from the security community about three books that changed their lives. She kicks it off with me. *** In this series, I asked infosec professionals to name 3 books that changed their life. This entry includes picks from journalist, writer and podcaster Bill Brenner. When I set out seeking contributors for ...


The Oracle of Security Flaws

When it comes to patching vulnerabilities, Oracle does nothing small. In its latest quarterly CPU (Critical Patch Update), the database giant hands its customers 169 new security fixes affecting many products. The full patch matrix is here. SiliconANGLE offers a decent analysis of the vulnerabilities and patches. From Maria Deutscher's report: One flaw that drew an outsized amount of attention is a misconfiguration affecting the enterprise technology stalwart’s popular E-Business ...


“Hackers. It’s time to Unite”

Last week I wrote about the new anti-hacking laws President Obama plans to float in his State of the Union address and how the proposals are Draconian at best. I noted that it's in our power to educate the masses and stop this thing before it becomes law. To that end, I have something to share with you. Derek Watson -- better known in the security community as Blak Dayz (@...


Bad Anti-Hacking Laws: We Can Educate the Public

There's much alarm in the security community over new anti-hacking laws President Obama plans to float in his State of the Union address next week. The alarm is justified. What he proposes, as my friend Rob Graham (@ErrataRob) wrote in this important post, "are blunt political solutions which reflect no technical understanding of the problem." Obama's proposed anti-hacking laws are designed to arm companies with legal protections for sharing information ...


PLXsert warns of Spike DDoS Toolkit

Akamai’s Prolexic Security Engineering and Research Team (PLXsert) is tracking the spread of Spike, a new malware toolkit that poses a threat to embedded devices, as well as Linux and Windows systems. Several versions of Spike can communicate and execute commands to infected Windows, desktop Linux and ARM-based devices running the Linux operating system (OS), PLXsert said in an advisory Wednesday morning. From the advisory: Binary payloads from this ...


Data Breach Victims or Enablers?

Back in May, my good friend Eric Cowperthwaite caused a stir with a blog post about security breach victims getting demonized for failing to prevent break-ins. Other industry friends passionately disagreed. My thinking on the matter continues to evolve. But as is usually the case, my thinking takes me to the middle. Companies that suffer a breach -- Home Depot and Target have been among this year's biggest poster children ...
