Open Survey: Defeating Insider Threats

Open Survey: Defeating Insider Threats

We have a new survey entitled “Defeating the Insider Threat and Shoring up the Data Security Lifecycle“ Participate now Time: 10-15 minutes Prizes: 5 CCSK Tokens Goal of the Survey: Everything we know about defeating the insider threat seems not to be solving the problem. In fact, evidence from the Deep and Open Web points [...]

The Inverted Cloud of Operability

The Inverted Cloud of Operability

It may be argued that the genesis of the cloud actually evolved from the early concept of the outsourcing model, where organizations sought to place their operations in the hands of suppliers who did technology—eventually evolving into the dynamic/elastic offering we see today as the cloud, or as I see it, the “Inverted Operational Environment”—but [...]

Exploitation Demystified, Part 3: Heap-Based Exploits

Exploitation Demystified, Part 3: Heap-Based Exploits

In my previous blog post in the Exploitation Demystified series, we learned how memory corruption exploits are implemented using stack-based overflow vulnerabilities. Let’s talk now about a main alternative path: heap-based vulnerabilities. What Is the Heap? An operating system (OS) allocates memory to a computer program, with respect to the size of the data this [...]