Analysis reveals mobile apps designed to protect things like photos and passwords do a poor job, often storing them in plain text with no encryption at all.

How to compile, copy, and run mac-robber on jailbroken iOS devices

How to compile, copy, and run mac-robber on rooted Android devices

Intro to a unique approach for vulnerability research on mobile apps using traditional PC forensic tools

"Practical Malware Analysis" provides in-depth knowledge on malware analysis and includes useful lab exercises. We take REMnux for a spin with the labs

Preconfigured Linux environments provide powerful tools to aid in pen testing, mobile security testing, malware analysis, and forensics

Passive network analysis can reveal OS, service, and even vulnerabilities -- just by sniffing the network

Pen testers must get beyond just breaking in and clients need to understand how the tester's results map to business risk

Companies like to set up Internet kiosks for customers and job applicants, but their convenience can be their undoing

Baselines can be extremely valuable in knowing what's going on within your network, but they can't help if they're not created. Start with the basics and adapt to meet your needs.

DerbyCon's successful first year reminds us of what the security community is all about: sharing and learning from others, promoting new ideas, and advancing the art of security.

Italian researcher releases 0-day SCADA exploits leaving companies vulnerable to exploit. Community-based IDS signature project releases update to help detect attacks.

New Metasploit modules released during the Vegas security cons add cool new features like covert forensics and PXE boot pwnage.

Awareness campaign at DEFCON shows how easy data can be stolen from smartphones using free charging kiosks.

New research on medical device security is shining light on potentially deadly vulnerabilities.

Rewrite of WarVOX brings new features, better audio fingerprinting, and a Ruby VoIP stack that's been integrated into Metasploit.

Upcoming Metasploit Framework vSploit modules can help to identify security blindspots.

WAFs can provide a good layer of defense against attacks, but can't solve all web app sec problems as vendors would like you to think.

The biggest hurdle SMBs face with logging is actually starting. Even the most rudimentary setup can provide immeasurable value when faced with a breach.

Free, open source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support.

Two new wireless security projects discussed at ShmooCon focus on bringing low-cost hardware to security researchers

Panel of security professionals discussed new tools and techniques to accelerate password cracking, highlighting need for multi-factor authentication

Exploit for SCADA software emphasizes need for organizations to review their network design, device exposure before they become a victim.

Simple statistical analysis of Web proxy logs provides wealth of information & incidents sometimes by AV.

Snorby is a new free, open-source analysis front-end to the popular Snort IDS that is fast and usable.