Blogs

May
03

The “Security Hero” Culture is Changing

Will Rogers said, “Being a hero is about the shortest-lived profession on earth.” 

I would agree with Will since I am pretty sure that he was referring to a hero in the traditional sense of the word. But, when it comes to the information security world, this wisdom unfortunately does not apply. The “security hero” is a role that has been around for far too long.

Mar
13

The Many Forms of Education at the RSA Conference

This year, I attended my fifth RSA Conference. I have been to RSA events with grand themes such as 1920s-era gangsters, a cryptographer from ancient India, Edgar Allan Poe, and others. And, while the themes were always clever, impressive and essentially applicable to the industry, they seemed to create a sense of grandeur that masked the main reason that we should go to conferences - to learn.

Jan
10

Old Meets New: Microsoft Windows SafeSEH Incompatibility

In recent years, Microsoft has made great strides to improve product security. This momentum can be seen clearly in their investments in security-focused processes, development, and research. The release of anti-exploitation features such as DEP, ASLR, Stack Cookies and SafeSEH is a product of their commitment to security.

Dec
15

The Times They Are A-Changin'

By:  The Accuvant LABS R&D Team

We at Accuvant LABS have been overwhelmed by the positive feedback we’ve received for our research paper “Browser Security Comparison – A Quantitative Approach”.  By now many have had a chance to sit down with the paper and understand the materials, as evidenced by the sheer amount of feedback we’ve received.  We want to thank everyone who has supplied us with their feedback; your words have not fallen on deaf ears.

Dec
05

Mozilla Firefox, Google Chrome or Microsoft Internet Explorer - Which Web Browser is Most Secured?

By:  The Accuvant LABS R&D Team

Accuvant LABS has just released some new research that compares the security of three of the most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. Google commissioned Accuvant to perform this comprehensive and independently designed security analysis to help advance the discussion of best practices in the security community.  Our research findings are extremely thorough and complete, so we decided to create this blog to summarize the results.

Dec
01

Measure Twice, Cut Once

Shortly, Accuvant LABS will be releasing some research findings on web browser security.  Instead of relying solely on statistical data regarding vulnerabilities, we took the approach of analyzing and comparing the implementation of anti-exploitation technologies.  We reasoned that this approach would provide the best comparison of the relative security of different browsers.  One anti-exploitation technology, Data Execution Prevention (DEP), proved to be slightly more difficult to accurately assess.

Oct
20

Dr. Charlie Miller Compares the Security of iOS and Android

I had the honor of talking to Dr. Charlie Miller, principal research consultant for Accuvant LABS, for a bit during DerbyCon about the security of mobile devices’ operating systems. Specifically, Dr. Miller articulated the differences between Apple’s iOS and the Android OS. Here are some of the highlights before you watch the video to get it directly from the good doctor himself:

Oct
06

Why DerbyCon Was a Success

A new hacker con took place last weekend. It was called DerbyCon, and it was held in Louisville, Kentucky. As DerbyCon’s website states, this was not “just another security conference.” It was honestly the best hacker con I have ever attended.

May
05

Universal Issues Around Mobile Security

It seems everywhere I go I’m having interesting conversations with senior level government officials regarding mobile security. A lot of these conversations involve the use of smartphones, encrypting data on these devices, keeping government data separate from personal data, and allowing employees to purchase the phones of their choice and have the government manage them. These are the same exact types of conversations that are taking place in the private sector.

Apr
14

Not All Education is Equal

One of the most critical yet overlooked components to having a secure environment is ensuring that your internal team responsible for protecting sensitive information assets has the knowledge, skills and abilities to make the right decisions.
