Chris Soghoian, who was recently hired as the ACLU's first-ever principal technologist, has never been afraid to ruffle the feathers of the corporate establishment when it comes to privacy and security issues.
Valerie Aurora and Mary Gardiner have united to form a decade-long collaboration on a variety of "women in open source" advocacy projects, including developing anti-harassment policies at conferences.
Ron Ross is helping to lead the development of new standards and controls that security professionals can use to safeguard their organizations against today's internet threat paradigms.
Michael Coates, director of security assurance at Mozilla and chairman of OWASP, is a steadfast supporter of open-source methods to safeguard users against security and privacy threats.
Gabriella Coleman, professor at McGill University in Montreal and avid observer of the Anonymous online collective, has become one of the pre-eminent thought leaders on the hacktivist culture.
Software architect Troy Hunt explains how a common Facebook spam campaign functions.
To get a better understanding of how the show is shaping up, we caught up with Trey Ford, the newly appointed general manager of Black Hat, who discussed his transformation from booth babe to conference organizer, how the numbers stack up this year, which sessions are on his can't-miss list and why the parties are just as important to attend as daytime talks.
Tom Kellermann, vice president of cyber security at Trend Micro, joined me on the SC Magazine podcast to discuss an APT campaign known as IXESHE, which is going after sensitive targets from Asia to Germany. But its command-and-control infrastructure really is what makes it special.
If a data breach occurs, when are companies more likely to be sued by consumers or employees? A Carnegie Mellon University researcher joined me on the SC Magazine Podcast to discuss.
Awareness training is finally becoming more about security and less about compliance, as SANS instructor Lance Spitzner discusses in this SC Magazine Podcast episode.
An associate professor of reliability engineering and an associate professor of criminology have teamed up to study how the social makeup of a computer network correlates with the attacks used against it.
In this podcast, Access' Gustaf Bjorksten discusses why the SSL system has failed and what is necessary to improve its existing design and implementation. He helped author a call-to-action paper, and believes the future trust and privacy of the internet relies on finding a solution.
The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.
The University of Washington is thinking outside of the box when it comes to educating computer science students about information security. In this edition of the SC Magazine podcast, associate professor Yoshi Kohno explains how instructors are using "science fiction" to force students to think critically about the discipline. Considering how quickly technology evolves, how often threats change and how wide a scope the security field encompasses, pupils must use out-of-the-box thinking if they are to succeed upon graduation.
A number of universities have launched curricula in computer science, but noticeably absent are courses, even electives, that specifically address malware. In this edition of the SC Magazine podcast, George Ledin, a computer science professor at Sonoma State University in California, explains why not teaching malware at the college level can have a huge, negative impact on data security. Ledin - who just penned an essay on the topic - also takes on his critics, who argue that educators either lack the resources or time to educate students on malware, or that teaching about malicious code is taboo.
Katie Moussouris, senior security strategist lead at Microsoft, discusses the software giant's recently announced Blue Hat competition, which offers $250,000 in cash and prizes to the winning researchers who develop advanced technologies to defend Windows against entire classes of vulnerabilities that can be exploited to bypass the platform's existing mitigations. Moussouris describes how Microsoft came up with the idea, why defensive research is just as important as one-off vulnerability discoveries and how the oft-cynical research community is reacting to the contest.
In this episode, Michael Cotton, chief network security architect of Digital Defense, explains why targeted cyberattacks are on the rise and why many organizations are failing to recognize this increasing threat. Cotton offers a list of corporate actions that may incite such an attack and suggests some remedies for staying out of the hackers' crosshairs and being compromised. Hint: Uninstall the programs your employees don't need.
To kick off SC Magazine's revamped podcast series, Executive Editor Dan Kaplan speaks with Kirill Levchenko, a project scientist at the University of California, San Diego, who is co-author of a new research paper that investigates the payment handling portion of the spam chain. Levchenko and 14 others argue in the paper that much of the anti-spam focus over the years has been on technical controls when, in fact, hitting the spammers and their affiliates where it hurts the most -- in their pockets -- may be the best approach.
