Companies

Late To The Party, Microsoft Offers Mega Bounties For Software Bugs

Microsoft on Wednesday announced its first ever formal program to pay security researchers for finding software vulnerabilities in its newest products. The bug bounty program will launch on June 26 and be formally unveiled at the upcoming Black Hat Briefings hacker conference in Las Vegas at the end of July.  And, though late to the party, Microsoft is making up for lost time by going large. The Redmond, Washington software maker will pay researchers up to $100,000 for “truly novel” exploitation techniques that defeat protections built into the very latest version of Windows, 8.1 Preview. It will additionally pay $50,000 for ideas for defensive strategies that accompany a bypass, raising the total potential purse for an exploit and accompanying remediation to $150,000. Additionally, Microsoft announced a short-term bounty program for its Internet Explorer 11 Preview, with the company paying up to $11,000 USD for critical vulnerabilities that affect Internet Explorer […]

Continue Reading

Don’t Call It A Hack Back: Crowdstrike Unveils Falcon Platform

Lots of aspiring technology start-ups dream of getting their product written up in The New York Times or Wall Street Journal when it launches. For Crowdstrike Inc. a two year-old security start-up based in Laguna Niguel, California, media attention from the papers of record hasn’t been an issue. This reporter counted twelve articles mentioning the company in The Times in the last year, and another two reports in The Journal. Much of that ink has been spilled on stories related to Crowdstrike research on sophisticated attacks, or the company’s all-star executive team, including former McAfee executives George Kurtz (CEO) and Dmitri Alperovitch (CTO), as well as former FBI cybersecurity chief Shawn Henry (Crowdstrike’s head of services), who left the Bureau in April, 2012 to join the company. For much of that time, Crowdstrike has been known mostly as a security services and intelligence firm, but the goal was always to […]

Continue Reading

Fraud Analytics: You’re Doing It Wrong!

One of the most vexing problems in computer security today is distinguishing malicious from legitimate behavior on victim networks. Sophisticated cyber criminals and nation-backed hacking groups make a point of moving low and slow on compromised end points and networks, while victim organizations are (rightly) wary of disrupting legitimate business activity for the sake of spotting a breach. In this Security Ledger Podcast, Paul interviews Jason Sloderbeck, Director of Product Management at RSA, EMC’s security division.  Jason talks about RSA’s Silvertail fraud analytics technology, and the organizational and technology issues that keep victims from spotting attacks. One of the big mistakes organizations make when they investigate attacks, Sloderbeck said, is focusing too narrowly on a point in time during a web session that is felt to be a good indicator of compromise – like when a user authenticates to a service or “checks out” on an e-commerce web site. “There’s a whole […]

Continue Reading

Wardriving Goes Corporate: Comcast Turning Residential WiFi Into ‘Millions of Hotspots’

One of the big challenges to the growth of the “Internet of Things” is access. It goes without saying that, without access to the Internet, almost all of the benefits of connected devices disappear. Your smart phone becomes a dumb phone. Your ‘net connected watch or running shoes or car scream into the void – trying desperately to connect to a network that isn’t there. Here in the U.S., that problem has typically been addressed by routing traffic through 3G or – depending on where you live – 4G wireless networks. However, access to those networks is spotty, especially in the sparsely populated Western U.S. According to a survey by the U.S. Federal Communications Commission (FCC), much of the Western U.S. is a 3G wasteland, with little or no access to broadband wireless networks. One solution is to tap the loose network of residential broadband subscribers, allowing them to peel […]

Continue Reading

Welcoming A New Sponsor: Gemalto

Just a note to my loyal readers that The Security Ledger is welcoming a new sponsor this week: Gemalto. If you’re not familiar with them, Gemalto NV (GTO) is a ~3B firm that makes a wide range of software for e-identity documents, chip payment cards, network authentication devices and wireless modules, as well as the software to manage confidential data and secure transactions in the telecommunications, financial services, e-government, and information technology security markets. This is an especially exciting win for The Security Ledger because Gemalto, with 10,000 employees and offices in 46 countries is a key supplier to the global Internet of Things. Products like its Protiva platform provide the foundation of trust that undergirds online person-to-machine and machine-to-machine transactions and exchanges of all kinds: on mobile devices, smart cards, medical devices, automobiles and more. We’re really excited to have Gemalto on board as a Security Ledger sponsor. Please join […]

Continue Reading
1 264 265 266 267 268 285