Often when implementing customised ModSecurity solutions we need to extend the built-in functionality via Lua scripting. One of the disadvantages of this approach is the added latency penalty paid for not using the native rules language. When web site performance is critical for business continuity, every additional millisecond counts. The current trunk code fixes a long-standing limitation where ModSecurity needed to create a new VM for each request, which added latency every time a Lua script was executed.
If you are anything like me, when you hear "Hacking in the Year 2030" you immediately visualize hacking robot armies and UFOs to take them down with lasers and ultrasonic USB attachments via your PlayStation 10 using only changes in pupil dilation to read mental instructions of what hacking tools to launch.
Well, this technology may very well be around in 2030, but unfortunately most of you are more likely to still be exploiting Cross Site Scripting (XSS) vulnerabilities in the web interface of the killer robots.
Richard Brown, Pure Hacking's dedicated security consultant and all-round security fanatic, impressed the conference organisers and participants at this year's DefCon with his innovative DefCon badge hack.
Pure Hacking's CTO, Ty Miller, was invited to present at Black Hat 2012 for his third appearance as an official trainer at the world’s most high profile security event. Ty originally presented his development of “Reverse DNS Tunneling Shellcode” at Black Hat 2008 and has been an official part of the program with "The Shellcode Lab" since 2011.
Ty Miller, CTO of Pure Hacking, Australia’s leading specialist information security consultancy, has been confirmed as an international speaker at the upcoming Hack in the Box security conference, 8 - 11 October, Kuala Lumpur, Malaysia. Miller will be running his internationally renowned "The Shellcode Lab" training course for penetration testers, security officers and auditors, system administrators and managers wanting to improve their shellcoding security skills. This is the first time that "The Shellcode Lab" will be available to Hack in the Box participants.
Australian business management teams have a healthy understanding and appreciation of business risk. They are aware of policy risk from a violation and implication perspective and the lending issues of capital risk. Australian IT management teams are correspondingly across the ins and outs of technical risk. However, business management and IT management teams could almost be speaking two different languages when it comes to communicating risk to each other.
Yesterday, I shared my thoughts on the steps that I believe CIOs should consider when planning for security processes and technology standards.
Today, I wanted to outline some further thoughts that Pure Hacking has had to raise the security benchmark for Australian organisations. These ideas relate to software and ensuring that CIOs know what is being developed, implemented and tested. To put it more bluntly, you need a better understanding of what you aren’t paying for in many cases.