Black Hat USA 2013 Highlight
I attended one of the Black Hat training sessions titled “Advanced C++ Source Code Analysis.” It was quite fascinating! Looking through source code for bugs seems to be a different mindset from writing software.
The Convergence of Data Analytics and Security
A renewed sense of urgency to secure information, networks and electronic devices in order to thwart advanced hacking techniques loomed over the 2013 RSA conference floor in San Francisco. The harsh realization that traditional security measures simply don’t cut it anymore was confirmed by various keynotes and casual hallway conversations between peers.
How Excessive Admin Features Can Lead to Security Headaches
At DEF CON 2012 in Las Vegas I sat through a presentation titled “Owning One to Rule them All,” hosted by penetration testers Dave Kennedy and Dave DeSimone. They discussed a recent penetration test that utilized Microsoft Systems Center Configuration Manager (MSCCM) to gain access to essentially an entire network of computers. MSCCM is intended to streamline the management of multiple devices – desktops, laptops, smartphones and tablets – within IT infrastructures. While a tool like MSCCM may seem convenient, granting too many administrative features can lead to more serious network security headaches, including breaches.
Google Wallet and Mobile Phone Payment Systems Security
I had the privilege of discussing the state of mobile phone payments systems, like Google Wallet, on a local radio station show called “Backbone Radio” in mid-February, 2012, which is co-hosted by Joshua Sharf. The segment aired on 710-AM KNUS in Denver and 1460-AM KZNT radio out of Colorado Springs.
Challenges in Supporting IPv6
IPv6 enabled websites are steadily increasing as the availability of IPv4 addresses continue to diminish. While most current company network architectures already support IPv4, it is crucial that applications be ready to support the new IPv6. Migrating to IPv6 is not easy and challenges may arise involving both the network and application layers, as zveloLABS.