by Mirko Zorz - Friday, 22 October 2010.

HD Moore is the CSO at Rapid7 and Chief Architect of Metasploit, an open-source penetration testing platform. HD founded the Metasploit Project with the goal of becoming a public resource for exploit code research and development. Rapid7 acquired Metasploit in late 2009. In this interview HD Moore talks about the transition to Rapid7, offers details on the development and different versions of Metasploit and discusses upcoming features.

What was it li...

by Phil Lieberman - CEO of Lieberman Software - Thursday, 16 December 2010.

In-house and internal threats will be a big element of 2011 as organizations begin to understand that anti-virus, malware, and phishing software is no longer effective. There will be an epiphany that critical infrastructure is under constant attack and that there is a serious need to implement more comprehensive security software, security perimeters, data loss prevention and human assets to counter the existing and ...

Dr. Eric Cole is a security expert with over 20 years of hands-on experience. He is actively involved with SANS working with students, teaching, and maintaining and developing course-ware. He is a SANS faculty fellow and course author. In this interview he discusses current threats, the evolution of security products, phishing attacks, the future of cybercrime, as well as his SANS "Security Essentials" training course he's hosting at SANS London in late November 2010.

As we move forward and ...

by Jon Geater - Thales - Tuesday, 2 November 2010.

As expected, PCI 2.0 rolls up a number of minor changes, but there really is no Big Bang in this document. A number of people have been disappointed by this since for the past 2 years expectations have been built up that version 2.0 would ‘cure all ills’.

In addition, many of the changes in PCI 2.0 were billed as clarifications, but it’s a fair and seemingly common view that these clarifications do not add as much or go as far as peopl...

by Zeljka Zorz - Tuesday, 23 November 2010.

In this day and (cyber)age, hacking contests are sprouting like mushrooms after the rain - and it's a good thing they do. For what better venue is there for exercising the offensive and defensive cyber skills of future "cyber warriors" than events such as these, where their talent can get noticed and appreciated, and inspire others?

But PacketWars differs somewhat from that formula. Its developers started it with an ambitious goal in mind - to educ...

by Paul Tuner - Monday, 18 October 2010.

It has always been taken for granted that the entire IT security industry understands that, as part of digital certificate management, it is necessary to manage the private keys associated with those certificates. A recent conversation with an analyst made it clear that this assumption was just that – an assumption.

There were two reasons, he said:

• Very few people realize that managing certificates also requires the management of private keys
• ot ...

by Mirko Zorz - Monday, 25 October 2010.

Brad Haines is chief researcher of Renderlab.net and a noted expert in the field of wireless security. Brad has spoken at many international conferences and taught several classes on free wireless assessment tools. He is also author of Seven Deadliest Wireless Technologies Attacks and a contributor to RFID Security and Kismet Hacking. In this interview he discusses wardriving, client attacks, WPA encryption, RFID technology and his latest book.

Given ...

by Craig LeGrande and Amir Hartman - Mainstay Partners - Thursday, 25 November 2010.

The last decade has seen a dramatic shift in the way companies manage information security and protect vital data. In the past, businesses confronted the threat of cyber attacks and data breaches primarily by building firewalls and other “perimeter defences” around their networks, but the threat has continued to evolve, and more criminals are hacking into applications that are running on a plethora of ne...