Blogs

Jan
10

Old Meets New: Microsoft Windows SafeSEH Incompatibility

In recent years, Microsoft has made great strides to improve product security. This momentum can be seen clearly in their investments in security-focused processes, development, and research. The release of anti-exploitation features such as DEP, ASLR, Stack Cookies and SafeSEH is a product of their commitment to security.

Dec
15

The Times They Are A-Changin'

By:  The Accuvant LABS R&D Team

We at Accuvant LABS have been overwhelmed by the positive feedback we’ve received for our research paper “Browser Security Comparison – A Quantitative Approach”.  By now many have had a chance to sit down with the paper and understand the materials, as evidenced by the sheer amount of feedback we’ve received.  We want to thank everyone who has supplied us with their feedback; your words have not fallen on deaf ears.

Dec
05

Mozilla Firefox, Google Chrome or Microsoft Internet Explorer - Which Web Browser is Most Secured?

By:  The Accuvant LABS R&D Team

Accuvant LABS has just released some new research that compares the security of three of the most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. Google commissioned Accuvant to perform this comprehensive and independently designed security analysis to help advance the discussion of best practices in the security community.  Our research findings are extremely thorough and complete, so we decided to create this blog to summarize the results.

Dec
01

Measure Twice, Cut Once

Shortly, Accuvant LABS will be releasing some research findings on web browser security.  Instead of relying solely on statistical data regarding vulnerabilities, we took the approach of analyzing and comparing the implementation of anti-exploitation technologies.  We reasoned that this approach would provide the best comparison of the relative security of different browsers.  One anti-exploitation technology, Data Execution Prevention (DEP), proved to be slightly more difficult to accurately assess.

Oct
20

Dr. Charlie Miller Compares the Security of iOS and Android

I had the honor of talking to Dr. Charlie Miller, principal research consultant for Accuvant LABS, for a bit during DerbyCon about the security of mobile devices’ operating systems. Specifically, Dr. Miller articulated the differences between Apple’s iOS and the Android OS. Here are some of the highlights before you watch the video to get it directly from the good doctor himself:

Oct
05

Why DerbyCon Was a Success

A new hacker con took place last weekend. It was called DerbyCon, and it was held in Louisville, Kentucky. As DerbyCon’s website states, this was not “just another security conference.” It was honestly the best hacker con I have ever attended.

May
05

Universal Issues Around Mobile Security

It seems everywhere I go I’m having interesting conversations with senior level government officials regarding mobile security.  A lot of these conversations involve the use of smartphones, encrypting data on these devices, keeping government data separate from personal data, and allowing employees to purchase the phones of their choice and have the government manage them. These are the same exact types of conversations that are taking place in the private sector.

Apr
13

Not All Education is Equal

One of the most critical yet overlooked components to having a secure environment is ensuring that your internal team responsible for protecting sensitive information assets has the knowledge, skills and abilities to make the right decisions.

Mar
24

The Internet Kill Switch Bill – Not Such a New (or Bad) Idea

During the past several months, there’s been a lot of talk about the “Protecting Cyberspace as a National Act of 2010” Bill (a.k.a. the “Internet Kill Switch Bill”) proposed in the Senate last summer.  With the civil unrest this year in Egypt and Libya, and the governments in those respective countries cutting off Internet access to their citizens, people in the U.S. (and other countries such as the U.K. that are considering this type of legislation) are concerned about the loss of freedoms, as well as the increase of “Big Brother” type control.

Feb
25

The Importance of Bridging the Public/Private Industry Gap

Every so often we read articles that speak of public/private industry collaboration toward best practices in the field of cyber security.  We hear of working groups, industry forums, training and collaboration, and even private industry executives testifying before congress regarding their experiences.  But after all the hoopla and posturing, it seems all parties return to their corne
