A security researcher was arrested in Florida for publicly disclosing a SQL injection (SQLi) vulnerability in an election web server. Should we be up in arms that they're demonizing someone helping organizations patch flaws, or upset that the "hacker" is poking his nose where he shouldn't? Normally, I side immediately with researchers, but this case is a little gray. Watch …
Whitehat Finds Blackhat on Facebook – Daily Security Byte EP. 252
Bug Bounty programs are great ways for companies to get security researchers to help find and fix vulnerabilities in their products or infrastructure, but no one expected them to also reveal hackers in your network. Watch today's video to hear how one pen-tester found more than he bargained for when researching Facebook's network. (Episode Runtime: 3:38) Direct YouTube …
Plane Hacking Hijinks – Daily Security Byte EP. 85
Last month a security researcher was detained from a flight for allegedly making a silly plane hacking joke on Twitter. The latest news suggests his research was more than just a joke. Watch today's video to learn what he's accused of and why I think he was irresponsible. Quick show note: I'll be traveling to speak at a conference this week. I'll try to keep my daily video …
Heartbleed Bug – WSWiR Episode 102
April Patch Day, Raided Pen-Tester, and OpenSSL Heartbleed
Information security news never stops, even if I have to post it from a Changi Airport lounge. If you need to learn the latest cyber security news, including what to do about the biggest vulnerability of the year (so far), you've found the right weekly video blog. This week's "on-the-road" episode covers Adobe and …