Week in review: RSA Conference, Web application security, fuzzing, Metasploit, and more

Here is an overview of some of last week’s most interesting news, interviews and articles:

Anti-phishing coalition deploys real-time education program
The APWG and Carnegie Mellon University’s CUPS have deployed a real-time counter-eCrime education system designed to instruct consumers the moment they’ve been pulled into a phishing scam.

Microsoft’s Firefox add-ons blocked
Mozilla blocked, then de-blocked Microsoft’s Firefox .NET Framework Assistant add-on and the Windows Presentation Foundation plug-in, thought to put users at risk of an attack through a remote code execution vulnerability.

Web application security statistics for 2008
The Web Application Security Consortium compiled a report about web application security based on assessment projects made by various companies (Cenzic, Blueinfy, WhiteHat Security, etc.)

RSA Conference Europe 2009 opens its doors
The 10th annual RSA Conference Europe (20th-22nd October 2009) in London delivered speeches from the likes of Keith Mularski – Supervisory Special Agent at the FBI, Andy Auld – from the e-Crime Department at SOCA, Philippe Courtot – Qualys CEO, and many more. There were also topical panels and sessions in a Hot Topics Track.

Q&A: Fuzzing
A Q&A with Ari Takanen, CTO of Codenomicon, about fuzzing, a software testing technique that provides unexpected, random or invalid data to the inputs of a program.

Social media insight for the U.S. intelligence community
Visible Technologies announced a partnership with In-Q-Tel, the independent strategic investment firm that identifies innovative technology solutions to support the mission of the CIA and the broader U.S. Intelligence Community.

Gathering data and its security implications
At a roundtable at RSA Conference Europe 2009 in London, experts Dr. Herbert Thompson and John Madeline headed a stimulating discussion related to the role of the different types of data in the context of information security.

Open source penetration testing framework Metasploit acquired by Rapid7
Metasploit, one of the top open source penetration testing frameworks, has been acquired by Rapid7, a provider of vulnerability management, compliance and penetration testing solutions + information on the future of Metasploit.

Q&A: Security challenges in today’s economy
Dave Hansen, the Corporate Senior Vice President and General Manager, CA Security Management, discusses how the underground economy is impacting large organizations and tackles the good and bad sides of compliance.

Survey points out endpoint device security gaps
A threat assessment survey shows that many enterprises are still highly vulnerable to preventable security threats: inadequate data protection:, insufficient mobile access policies and lack of application control and system integrity.

DHS has a vision for stronger information security
Philip Reitinger, the U.S. Department of Homeland Security lead on all cyber operations, policy and coordination with interagency, international and private sector partners discussed DHS’ plans for the future.

96 percent of Americans in favor of video surveillance to counteract terrorism
Four out of five adults feel that in extreme cases, such as a terrorist attack, the government should be able to use any available means to protect citizens.

Suspected European cyber pirates denied Internet access without court order
The verdict is in: Europeans can be cut off the Internet for persistent file-sharing, and it can be done without a court order.

Nigeria shuts down 800 scam websites
The Nigerian Economic and Financial Crimes Commission has shut down 800 scam websites and arrested members of 18 syndicates behind the fraudulent scheme.

Understanding the risks of cloud computing: Questions to ask your service provider
Adam Bosnian, VP of Products, Strategy and Sales at Cyber Ark discusses the questions you should be posing yourself if you store your data in the cloud.

Don't miss