What if someone threw a hacker conference, and nobody showed up?
As I boarded a United flight at SFO on March 17, the first day of San Francisco’...
EVRY’s Monica Verma charts her path from curious kid to hacker to CISO. Improving cybersecurity, she writes, means treating it as an investment rather than a brake on innovation.
As the bug bounty business matures, the bounties themselves present opportunities for hacker entrepreneurs to pocket profits while developing an important blend of business skills.
Alongside key U.S. businesses, the desktop manufacturers of unofficial conference badges explain how the president’s trade war against China has put their razor-thin margins at risk.
In 2000, McGraw wrote the first book on software security, paving the way for an entire industry. With BIML, he’s shifted his attention to a new frontier: machine-learning algorithms.
Earlier this week, Marcus Hutchins, the man who helped stop the WannaCry global ransomware attack, admitted in court to developing the Kronos banking malware as...
Three patterns surface from a look at expectations for the year that turned out wrong: We got lucky, we expected too much, or we were looking in the wrong direction.
At Chaos Communication Congress, election security expert J. Alex Halderman describes the United States’ rough yet vital road toward securing its many vulnerable voting systems.
At the Web Summit, CrowdStrike CEO George Kurtz shares his sharp perspectives on political-hacking topics ranging from chatbot-seeking AI to security-inept campaign volunteers.
As veterans with cybersecurity experience struggle to find civilian jobs, employers are struggling to fill cybersecurity jobs. There’s a big opportunity here. Here’s what needs to change.
On stage at DefCon, veteran NSA leader Rob Joyce says the agency’s ability to monitor and counteract international cyberattacks relies on recruiting—and working well—with hackers.
Following the massacre from the Mandalay Bay, hotel security personnel began routinely checking rooms. They’re now clashing with privacy advocates attending security conferences.
Touring the British wartime relic, one might hear: Keep your team focused. Educate and motivate. Be wary of your enemies’ mutual tools. And use deception to keep them off your trail.
A lackluster response to speaker harassment by attendees wearing MAGA gear underscores an ongoing struggle among conference organizers to enforce codes of conduct.
Homogeneous viewpoints can lead security teams to jump to conclusions or miss key details. Diversity is important. Leading into her keynote at Day of S(h)ecurity, Vijaya Kaza says change needs to start at the grade level.
Two decades after presenting at the Senate’s first cybersecurity hearing, veteran L0pht hackers Kingpin, Mudge, Weld Pond, and Space Rogue reflect on progress and urge much more.
To address the great talent dearth in good cyberthreat analysts, hiring managers need to move the focus of their searches from technical skills to less teachable soft skills, Simone Petrella writes.
To address cyberrisks, former Pennsylvania governor and DHS secretary Tom Ridge says the relationship between the private and public sectors needs to move from punitive to collaborative.
When consumer-facing companies don’t take reports of data leaks seriously, customers become exposed to financial fraud and identity theft as in the recent Panera Bread incident.
Without investing in technology and personnel to implement preventative measures, experts say, ransomware like the SamSam attack in Atlanta will continue to wreak havoc across computer systems and networks.
Adrián Lamo followed his conscience turning in Chelsea Manning and paid a terrible personal cost. Jonathan Hirshon remembers the humanity of the “homeless hacker,” a longtime friend.
The point of the Bishop Fox Cybersecurity Style Guide, its editor says, is to “bridge the gap between people who are writing in security, and the people who have to read that.”
Barlow, the recently departed Grateful Dead lyricist and EFF co-founder, motivated Internet usage protections from abuses of government—but not corporations.
As sexual-misconduct allegations across industries proliferate, many organizations, including hacker conferences such as CCC, are realizing that they need a better conflict resolution protocol.
The sexual advances of the infamous John T. Draper, Captain Crunch, on young men in the hacker community—“inappropriate…and awkward,” sources say—were uninvited and unwelcome.
“There’s just not enough cybertalent, not enough people with the level of expertise needed,” one expert says. Filling critical roles will mean recruiting and training outside the box.
During their 75-minute Enigma Interviews talk, moderated by The Parallax, Alex Stamos of Facebook and Eva Galperin of EFF debated how online services should protect groups with varying vulnerabilities.
While riding my motorcycle to DefCon and Black Hat, I visualized the security industry’s high-water mark—that place, Hunter S. Thompson wrote, “where the wave finally broke and rolled back.”
Good security relies on trust, which doesn’t scale well. So writes Internet pioneer Paul Vixie, as he reflects on the indictment of the man who stopped WannaCry on charges related to Kronos.
During a fireside chat in Las Vegas, Reps. Will Hurd of Texas and Jim Langevin of Rhode Island plead for proactive hacker-lawmaker collaboration and voice concerns about election security.
Our vital systems and seemingly frivolous daily communications are in need of technological scrutiny. And yet we often fail to see ourselves as targets and take action.
Enabled by finely tuned algorithms and a plethora of data, machine learning, or "artificial intelligence," is quickly growing in influence among security professionals, cybercrime rings, and data-probing government agencies. Here’s how.
At hacking contests like Pwn2Own, individual hackers can shine. Participating companies, meanwhile, can find and recruit badly needed talent, as they build hacker-friendly reputations.
In a keynote speech at the ShmooCon hacker conference, computer security pioneer Gary McGraw relates seven quotes from the rock and literary icons to people working in his industry.
Proponents say it could greatly benefit marketing, personal productivity, and public-safety endeavors. Privacy watchdogs are concerned that people will misuse it in horrifying ways.