Podcasts about secunia

  • 5 podcasts
  • 5 episodes
  • 30m average duration
  • Infrequent episodes
  • Latest: Dec 13, 2014


Latest podcast episodes about secunia

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Jake Kouns and Carsten Eiram - Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!

Dec 13, 2014


Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kouns-Eiram/DEFCON-22-Kouns-Eiram-Screw-Becoming-A-Pentester-Bug-Bounty-Hunter-UPDATED.pdf

Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
Jake Kouns, CISO, Risk Based Security
Carsten Eiram, Chief Research Officer, Risk Based Security

Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team and that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit off vulnerability research, who really wants to be a pentester, when you can have so much more fun being a bug bounty hunter!

Researcher motivation in the old days and options for making money off of vulnerabilities were much different than today. This talk analyzes the history of selling vulnerabilities, the introduction of bug bounties, and their evolution. We cover many facets including the different types of programs and the ranges of money that can be made. We then focus on researchers, who have currently chosen the bug bounty hunter lifestyle and provide details on how to get involved in bug bounty programs, which likely pay the best, and which vendors you may want to avoid. What constitutes a good bug bounty program that makes it worth your time? What do you need to know to make sure that you keep yourself out of legal trouble? Ultimately, we’ll provide thoughts on the value of bug bounties, their future, and if they can be a full-time career choice instead of a more traditional position such as pentesting.

Jake Kouns is the CISO for Risk Based Security and the CEO of the Open Security Foundation, that oversees the operations of the OSVDB.org and DataLossDB.org. Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CISO Executive Summit, EntNet IEEE GlobeCom, FIRST, CanSecWest, SOURCE and SyScan. He is the co-author of the book Information Technology Risk Management in Enterprise Environments, Wiley, 2010 and The Chief Information Security Officer, IT Governance, 2011. He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT. Twitter: @jkouns

Carsten Eiram is the Chief Research Officer of Risk Based Security and previously worked 10 years for Secunia, managing the Research team. Carsten has a reverse engineering background and extensive experience in the field of Vulnerability Intelligence, referring to himself as a vulnerability connoisseur. He has deep insights into vulnerabilities, root causes, and trends, and is also an avid vulnerability researcher, having discovered critical vulnerabilities in high-profile products from major vendors including: Microsoft, Adobe, Symantec, IBM, Apple, Novell, SAP, Blue Coat, and Trend Micro. Carsten has been interviewed for numerous news articles about software security and has presented at conferences such as FIRST Conference, RSA Conference, DEF CON, RVAsec, as well as keynoting Defcamp 2013. He is also a regular contributor to the "Threat of the Month" column in SC Magazine, a credited contributor for the "CWE/SANS Top 25 Most Dangerous Software Errors" list, and member of the CVE Editorial Board and FIRST VRDX-SIG. Twitter: @CarstenEiram

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review;  Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court … Continue reading Defensive Security Podcast Episode 60 →

Sophos Podcasts
Sophos Security Chet Chat - Episode 68 - July 22, 2011

Oct 26, 2013 19:41


In this week's Chet Chat, Kris Braun, SophosLabs Threat Operations Manager, joins Chet to discuss the week's news. Topics include OS X Lion, Oracle patches, Zeus for Android and Secunia's mid-year threat report.

SpiderLabs Radio
SpiderLabs Radio July 12, 2013

Jul 13, 2013 11:47


Defcon unvites Feds, Secunia - VLC FIGHT!, Emergency Alert System. HD Scans Again, HP PreOwned, Bounty better than FTE, Anon Hits 

Geek Muse
Geek Muse - Episode 17

Dec 6, 2005 42:40


Unsecured WiFi may become illegal New York, Google Base Porn Fixed, Webcrawler, ICANN xxx scrapped, Sony DRM Update, Albums with Sony "rootkit" on them, DRM defeated by sticky tape, GPL License, NY AG found CDs still on shelves/being sold, 300Gb DVD-like disk, Outsourcing to Rural Areas, $100 laptop update, Pandora, Firefox 1.5, Gizmo Project Voicemail, Yahoo Mail Beta + RSS Feeds, IE Trojan, Secunia advisory for IE flaw