Monday morning and RSA 2014 has not even properly started but there I was up on stage in front of a rather packed room. Feeling jet-lagged and wishing I had more caffeine in my system, I was glad that I was simply moderating a panel which included Dwayne Melancon, Andy Ellis, Jane Lute and Mike Assante.
The topic was “Closing the cyber security skills gap”, and the conversation flowed extremely well. I threw out a few questions and sat back and watched the show. Tripwire had commissioned an artist to draw a visual representation of the conversation, which turned out to be fantastic.
Most of the conversation escapes me because I was too worried about keeping the conversation flowing and staying on track to end on time. But luckily Twitter captured most of the sentiments, which are collated below:
A bug bounty is a reward handed out by companies to people who disclose bugs or vulnerabilities to them in a responsible manner. Think of it like the wild west where anyone is deputised with powers to chase after the Kid and claim the reward dead or alive.
Traditionally companies like Google and Facebook offered bounties, but seeing the potential benefits, more and more smaller companies have been getting in on the act with companies like BugCrowd offering a brokerage service to bring together testers and companies.
After years of ‘will they, won’t they’, Microsoft jumped into the bounty-offering scheme with a whopping $100k being paid out for cool Windows 8 hackery. What is even more interesting about Microsoft’s bounty offering, as described by its Senior Security Strategist Katie Moussouris, was that it was designed to disrupt the vulnerability and exploit markets.
In other words, if an unsavoury person finds a vulnerability they would rather not disclose because they’d rather try to use it to make illicit gains, then any one of their associates can do a “Huggy Bear” and hand in the vulnerability whilst making off with the cash.
Wild west indeed – as J4vv4D and Girl Cynic found out.
A tropical Island paradise, a Russian millionaire and hackers may sound like the plot of a James Bond movie, but they are actually references to Kaspersky’s industry analyst event in Punta Cana, Dominican Republic, where the company was expected to divulge its plans, aspirations and research to analysts from around the world.
Four of 451 Research’s finest analysts – Daniel Kennedy, Chris Hazelton, Adrian Sanabria and Javvad Malik – attended the event.
To read an interview with Adrian and Javvad – visit 451 Research Information Security Blog.
The folks at Information Security Buzz were asking a bunch of people for their tips on how to avoid phishing scams. I responded in the form of a video.
Lemonade is big business – lemonade made from natural ingredients even more so… but what happens when your lemonade isn’t quite what you thought it was? We bring you this special report.
If 2013 was a movie… these are the end credits.
When I was an intern, we found a database. It looked like – like, butchered. The old mainframe women in the basement crossed themselves… and whispered crazy things, strange things. “El Diablo cazador de hombres.” Only in the hottest years this happens. And this year the cooling system failed. We find data servers sometimes without data… and sometimes, much, much worse. “la amenaza más avanzado que el hombre” means the threat that is more advanced than man.
It’s the time of the year where people come out with their annual security predictions… I took some inspiration from these posts by Martin McKeay, Dave Lewis and Steve Ragan to come up with my own security predictions.
Warning – these predictions are so mind-blowingly awesome that you’ll think I really do possess psychic powers!
Warning 2 – Please seek professional advice before investing in anything based upon these predictions, stock value may go up or down, your home may be repossessed if you cannot keep up repayments.
I often document my travels which have considerably increased since I became an analyst, therefore attending conferences is part of my job.
People who travel will know that you don’t always get time to see the sights or engage in anything fun. In fact, it’s pretty much travel – do work – travel back. So in most cities I’ve only seen the airport, the inside of a cab, the inside of the conference centre and the hotel, as I tried to depict in this 60 second video of my trip to Paris a few weeks back.
It’s December – and it’s kind of a tradition that every year I get together with the fine folk at Twist and Shout to make a Christmas video.
This year, however, we decided to do something different, so along with my Host Unknown companions Thom and Andy, we set out to do something serious that captures a great story.
The Greatest Story Ever Told from Twist and Shout on Vimeo.
To see where the Christmas tradition started, check out Santa gets hacked and its sequel below.
Santa Gets Hacked! from Twist and Shout on Vimeo.
Santa Gets Hacked – Aftermath from Twist and Shout on Vimeo.