07:51 AM

RSA Conference 2013: Complete Coverage

A round-up of articles from RSA Conference 2013, Feb. 25 - March 1, San Francisco

RSA Conference 2013

>> Using Intelligence Against Companies That Benefit From Cyberspionage
'Naming and shaming' the ultimate beneficiaries of stolen trade secrets can work

>> White House Cybersecurity Czar: New Executive Order A 'Down Payment'
Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure

>> Secure Development: Must-Do Or Money Pit?
At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development >> Governance Without Metrics Is Just Dogma
Entertaining RSA Conference panel titled 'Why U No Haz Metrics' discusses the importance of measuring security controls against exposure to loss

>> Desktops-As-A-Service Boost Security, But Beware
At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor

>> Using DevOps To Upgrade Application Security
The techniques of the DevOps movement designed to bring developers and IT operations into closer alignment for more agility can also be a huge boon for app sec, RSA panelists say

>> Blog: Cool Tech's First Showing At RSA Conference 2013
Learn more about the unsung heroes that showcased their new solutions at the RSA Conference 2013. You may find something you didn't know you needed

>> Tale Of Two Compromises Provides Lessons For SMBs
The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provides small and midsize businesses with good tactics to secure their businesses

>> Researchers Solicit Sinkhole-Sharing Among Researchers
Dell SecureWorks researchers will provide their homegrown tools in open source to researchers from other companies and organizations

>> A Vulnerability Disclosure Game Changer
Two new ISO standards will push third-party developers, online service providers and even hardware vendors to stop ignoring vulnerability disclosures

>> 5 Lessons From The FBI Insider Threat Program
Finding ways to improve enterprise insider theft detection and deterrence

>> SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
New testbeds would help operators test software patches as well

>> FBI Director: ID And Deter Attackers 'Behind The Keyboards'
Finding LulzSec's 'Sabu' a prime example of tracking down cybercriminals, official tells RSA Conference 2013 attendees

>> China's Cyberespionage Will Continue Unabated, Say Experts
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA

>> Segmentation Can Increase Risks If Firewalls Aren't Managed Well
The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues

>> Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
Symantec finds 'missing link' in infamous Stuxnet malware that sabotages another piece of equipment in Iranian nuclear facility -- attackers became more aggressive as campaign ensued

>> Cloud Security Falls Short ... But Could Be Great
A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections

>> RSA, Juniper Team Up In Threat Intelligence-Sharing
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say

>> Google Security Vulnerability Allowed Two-Step Verification Bypass
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account

>> Investors Value A Company's Cybersecurity Record
New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property

>> Businesses Feel Impact Of IT Security Skill Shortage, Study Finds
(ISC)2 workforce study shows lack of cybersecurity personnel, resources affects bottom line

>> More Improvements To SIEM Than Big Data
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way

>> You're A Piece Of Conference Meat
Every year folks get hacked off about seeing booth babes at big industry shows. Yet, it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics

>> RSA: What To Watch For And What Vaccinations To Get Before Rocking The Casbah
Pro tip: It's not threats, it's not capabilities -- it's integration

RSA Conference 2012 Coverage

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-01-29
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.

Published: 2015-01-29
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Published: 2015-01-29
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.

Published: 2015-01-29
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.

Published: 2015-01-29
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) j...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.