Black Hat

One year after launching three security programs designed to improve security industry-wide, Microsoft is finding that more security patches are beating exploits out the door.

Meanwhile, the Microsoft Security Response Center said that of the 50 security bulletins it published from October 2008 to June 2009, patches were released in response to 138 vulnerabilities. Of those, 17 had public exploit code available at the time of the release, and for 67, consistent exploit code was likely to be written, according to the software giant.

The news comes after Microsoft announced on Friday that it would be releasing security updates on … Read more

My favorite security show each year is one at which there are no sales pitches, the speakers favor black T-shirts and dyed hair over suits and ties, and the talks tend to be controversial enough to prompt legal threats and even arrests.

I'm talking about Defcon, which starts Thursday and runs through Sunday. The event turns part of the Las Vegas strip into a geek equivalent of "Animal House" for a three-day weekend every summer.

Started in 1993 by Jeff Moss, aka Dark Tangent, Defcon brings together some of the top security experts from around the world, … Read more

During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases.

Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out "all the tools to break the 'unbreakable' Oracle as Metasploit auxiliary modules," according to a summary of their presentation on the Defcon Web site.

The tools are designed to help companies determine whether their systems are vulnerable, Gates said in an e-mail response to questions from CNET News. "There wasn't a good … Read more