Lisa Vaas

LAS VEGAS—When it comes to rootkits, nothings undetectable, and much less so a virtualized rootkit. Or is it? At Black Hat here Aug. 1, a group of researchers including Symantecs Peter Ferrie, Nate Lawson and Matasanos Thomas Ptacek launched what they hoped would be a full-body tackle of Joanna Rutkowskas “100% Undetectable” Blue Pill virtualized […]

Undercover Dateline Reporter Outed, Flees from Defcon”> LAS VEGAS—The Defcon hackers convention has been infiltrated. NBC Dateline sent at least one undercover reporter to pose as a normal show attendee on the first day of the show, Aug. 3. The reporter came with a hidden camera in her purse and a goal in mind: to […]

LAS VEGAS—Joanna Rutkowska has posted her Blue Pill virtualized rootkit for free and open download here, she said during her presentation-cum-skeptics-slapdown at Black Hat on Aug. 1. Researchers at Matasano earlier in the day delivered presentations on ways to detect the virtualized rootkit in a session titled “Dont Tell Joanna, The Virtualized Rootkit Is Dead.” […]

LAS VEGAS—I just sat down with Danny Allan, director of security researcher at Web application security company Watchfire, and he summed it up: For the first time in years, people are walking out of Black Hat presentations shaking their heads, having learned about new classes of vulnerabilities for which there’s simply no solution. No workaround, […]

Mozilla has distilled what its learned from pounding its Firefox browser and will release its home-brewed knowledge in a series of open-source tools, the first of which is a JavaScript fuzzer that will be released at the Black Hat conference in Las Vegas Aug. 2. Security chief Window Snyder will detail the “gory details” of […]

LAS VEGAS—Just hours before security researcher Charlie Miller was set to disclose the iPhone’s first security holes at Black Hat here on Aug. 1—regardless of whether Apple had patched the hole or not—Apple issued a monster update that snapped the holes shut. Apple issued patches for around 50 security vulnerabilities affecting its Safari browser, the […]

LAS VEGAS—Richard Clarke remembers standing in the Oval Office and handing President George W. Bush a letter regarding what the nation should do to secure cyberspace. “I think he signed it. I dont think he read it. I dont think he knows what it was,” Clarke said during his keynote here at the Black Hat […]

Mozilla has fixed serious URI-handling holes in Firefox that, if left unpatched, leave a system open to hijacking. The maker of the open-source browser is “strongly” recommending that all Firefox users upgrade immediately. Firefox isnt alone in suffering from these browser bugs—Netscape Navigator is also vulnerable. July brought two sets of URI-handling headaches to Mozilla. […]

The fur is flying over a presentation, planned for Black Hat in Las Vegas Aug. 1, that security firm iSEC says will demonstrate how easy it is to break forensics software. Forensics tools such as Guidance Softwares EnCase are used by law enforcement, enterprises and national security agencies for data recovery and investigation. As iSEC […]

Another body blow was struck to the already lousy reputation of U.S. e-voting when the office of California Secretary of State Debra Bowen on July 30 published investigation results showing that three major e-voting systems are liable to having their accuracy, security and/or integrity compromised. Three systems flunked in the hastily conducted examinations: Diebolds GEMS […]