Friday, May 09, 2008

A pair of podcast interviews

1) In the Security Bites podcast with Rob Vamosi (transcript) of C-Net I describe what’s new and interesting about the recent malicious mass-scale SQL Injection attack. This is where website DBs are loaded up with malicious JavaScript exploiting browser-based vulnerabilities, the so-called drive-by-downloads. Reports are saying 600,000 or so pages are infected, with several high-profile targets (UN, DHS, USAToday, etc.) on the hit list.

2) During RSA I spent some time with the Help Net Security guys answering questions about my favorite infosec conferences and what they have to offer. Of course each has a different focus for the content and the audience, so it just depends on what you are into.


Anonymous said...

If you were only able to attend one conference for technical information on security, which would it be? Vote at

Jeremiah Grossman said...

Black Hat, ToorCon, Defcon, AppSec, and HiTB, and while I hear good things about CanSecWest, I'm going to have to go with Black Hat.