Archive for News

Another new blog over at NSS Labs

Not to be outdone by Neohapsis Labs, NSS Labs also enters the fray with their blog, Security Product Testing.  Again, I think that NSS Labs (like Neohapsis Labs) has been blogging for a while, but it has picked up more pace lately.
In the past, the TS/SCI Security blog staff were invited as guests by Martin McKeay […]

An update on Protocol hopping covert channels

At last year’s Blackhat US 2007, the dominant discussion was around Joanna Rutkowska and Alex Tereshkin’s “New Blue Pill” vs. Peter Ferrie, Nate Lawson, and Tom Ptacek’s VT-x Rootkit Detection techniques.  This included some follow-up material on the Matasano blog including Side-Channel Detection Attacks Against Unauthorized Hypervisors and some confusion by Rich Mogull which led […]

New blog over at Neohapsis Labs

The fine folks over at Neohapsis Labs appear to have a new blog focused on security-related information.  Technically, I guess they’ve had it up since January, but the posts are more frequent now.  I just added them to my RSS feeds.
Both Mike Murray and Cris Neckar have posted some interesting tidbits ranging from technical […]

SQL Injection Fun v.RIAA

What started as a simple DoS against the RIAA through a SQL injection vulnerability, originally posted to Reddit in tinyurl form:
UNION ALL SELECT BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20--
led an attacker on to dump their entire database. I sure hope they don’t have backups — part of me thinks they deserve it and wants them to suffer… muwhahaha

More on Google Analytics: Now with Stolen Search Queries!

In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks.
But now that Google has updated their Analytics service to support internal search queries, you can now link user privacy information to search data, as well. Now everyone can […]