Posts Tagged With ‘Information Security Updates’


Changes in Economic Climate and Business Landscape Call for a New Strategic Business Development Process – Wargaming

Fewer resources and smaller budgets are motivating Chief Information Security Officers (CISOs) to transition from an operational executive into a strategic business partner. To excel in today’s evolving and complex business landscape, CISOs must look for a new strategic business development process, such as Business Wargaming. Wargaming will help provide a holistic view of prospective scenarios, create a proactive development plan and an improved reactive strategy.

January 27, 2012, Albuquerque, NM- Today EC-Council releases a new White Paper that introduces an alternative method to conventional CISO practices. As the business landscape becomes more complex and adjusts to stricter policies, increased competition, budgets cuts and limited resources those in the Chief Information Security Officer (CISO) position must develop a strategy that will accommodate and meet the needs of the organization. Business wargaming will help the CISO develop a plan where they can foresee future challenges, predict the moves of their competitors and stay ahead of prospective obstacles.

Nitin Kumar, global executive and managing consultant, published a White Paper “Wargaming for CISOs” in EC-Council’s CISO Series of White Papers, he stresses, “To excel in this new business landscape, CISOs need to look at a new strategy development process which will help making decisions realistic at a minimal risk and achieve full strategic and operational alignment.” To read the white paper, please visit: http://goo.gl/XQPFa

In this White Paper, Nitin Kumar reviews the shortcomings of the conventional CISO strategy and guides the reader through the development of the wargaming strategy by examining wargame types, levels and execution. He suggests ideal circumstances for wargaming and highlights benefits of using this strategy. The White Paper includes tactics that will help the CISO manage the challenges and high demands that come with the role.

Business wargaming adapts the art of simulating moves and counter-moves in a commercial setting. Business war games are a relatively recent development, but they are growing rapidly, and the time has come for CISO organizations to adopt this technique in order to stay ahead of the game.

The CISO position has been around for less than a decade. In that time it has evolved dramatically. Neira Jones, head of payment security for Barclaycard, said in the article “How the Role of the CISO Must Evolve to Balance Risk and Business”, due to the changing business landscape, “The CISO needs to evolve from an isolated subject matter expert and analyst to a trusted advisor on how technology can improve business; to an integrated business thinker, facilitator, leader, evangelist and educator.”

Business Wargaming will help executives develop plans that meet their strategic goals, create competitive advantage, and elevate the pressure felt by the complex and ever-changing nature of today’s business landscape.
EC-Council is committed to providing Information Assurance Executive Professionals with the latest Information Security news and trends from the industry’s leading experts. If this White Paper is of interest, it is encouraged to also look into EC-Council’s Certified Chief Information Security Officer (C|CISO) Certification and EC-Council’s CISO Executive Summit Series.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council’s Chief Information Security Officer (C|CISO) Certification:

C|CISO is the first certification of its kind to equip Information Assurance leaders with the most effective toolset to defend organizations from cyber attacks. It recognizes an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organization goals. Applicants can take advantage of the Grandfather Provision until September 2012. The Grandfather Provision is open to highly-skilled and experienced professionals who can demonstrate and prove proficiency in the 5 C|CISO domains. For more information about C|CISO, please visit: http://www.eccouncil.org/ciso

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester certification and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.


Global Increase in Outsourcing Leaves Companies Open to Information Security Breaches

Companies must find ways to manage the benefits and risks of outsourcing as almost two-thirds of Information Technology (IT) infrastructure is predicted to be outsourced within the next 8 years. EC-Council CISO Summit panel discussion suggests that increased information security compliance plans, continuous education, and knowledge sharing may prove to be the best solution.

January 23, 2012, Albuquerque, NM- Global economic troubles have motivated many companies to seek alternative means of conducting business that will cut costs and maximize profits. One of the most popular and effective methods is outsourcing Information Security (IS) infrastructure. According to a recent study commissioned by Savvis, Inc. this number is predicted to increase from 17% to over 64% globally by 2020. Security outsourcing has its benefits; however, it also comes with an array of risks.

Jeff Tutton, President of Global Security and Compliance at Intersec Worldwide, recently lead an interactive panel discussion centered on outsourcing and information security management at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit in Las Vegas held from Dec 5-6th. Jeff Tutton was joined by Todd Bell, Executive IT Security Advisor, ConnectTech, LCC, Inno Eroraha, Founder & CEO, NetSecurity Corporation, Chris Oglesby, Senior VP, Knowledge Consulting Group, and Edward Ray, CISO, MMICMAN, LLC. The panel discussion addressed the challenges of managing risk and monitoring the outsourcing company’s performance, while complying with recent industry changes such as SAS70 and PCI compliance. To view an interactive video of the panel discussion, please visit: http://goo.gl/SwxEj

“The challenges of outsourcing are similar to those you may have with the acquisition (insourcing) process. When acquiring a new company you need to ensure that due diligence has been completed prior to acquisition and integration, as you now will be responsible for the security of that company’s data. This is the same with outsourcing,” said Tutton. “Hire a trusted and qualified third party to complete a thorough evaluation of the outsourcing company. But don’t just stop there, put in place methods and controls to monitor and maintain the security of this data during the entire lifecycle. Trust but verify, and assign responsibility to a qualified person within your organization to manage and maintain oversight of security. Another option is to outsource only the data and systems that you want to end up in the public domain.”

Tutton’s panel discussion presented a detailed overview of the benefits and challenges of outsourcing in respect to Information Security (IS). Globally, over 60% of organizations cite that managing the IT infrastructure domestically does not have any competitive advantages and are planning to move operations offshore. However, many offshore companies do not have the same legal restrictions as the United States. For instance, India, one of the biggest destinations for offshore outsourcing, does not have any data privacy laws. This lax in law enforcement leaves confidential information vulnerable to security breaches.

Last year, Epsilon, a cloud-based email service provider, suffered a security breach that landed up affecting around 75 clients and compromised over 60 million personal names and email addresses. Security breaches such as this can be extremely costly and detrimental to a company’s reputation.

“If an organization is looking to do a large infrastructure outsourcing engagement, the best way to ensure that security is a priority is to build a comprehensive list of security requirements into outsourcing contracts, develop appropriate service level agreements and reporting mechanisms to evaluate security and budget for a review by an independent assessment organization – this will ensure that security always stays top of mind,” said panel speaker Chris Oglesby. “If, however, the decision is to outsource infrastructure and security separately then the security operations should drive the direction and outcomes and create independence between the organizations to meet the client needs.”

In the future, companies need to employ executive IS leaders who will develop methods to adequately protect their IT infrastructure when outsourcing in-house responsibilities. Platforms, such as EC-Council’s CISO Summit Series, provide a means for top-level IS executives to gather and discuss the latest industry challenges. Continuous education and knowledge sharing will provide solutions to the quandaries top-executives face on a daily basis. For more information on upcoming EC-Council CISO Executive Summits, please visit: http://www.eccouncil.org/cisosummit.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council CISO Executive Summit Series:

EC-Council CISO Executive Summit Series strives to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent Information Security threats and landscape evolution can be discussed and debated.‬ Designed by EC-Council, the 1st in the CISO Executive Summit Series made its debut in Las Vegas, NV in December 2011. Due to the nature of the discussions, all CISO Summits are closed-door events open only to senior information security executives (C-levels, VPs, Senior Directors, etc.). http://www.eccouncil.org/cisosummit

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) and Certified Chief Information Security Officer (C|CISO). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. For more information about EC-Council visit www.eccouncil.org, follow @ECCouncil on Twitter, LinkedIn or visit EC-Council’s Facebook page.

http://www.eccouncil.org/ciso/


EC-Council to Host Advanced Technical Security Summits in Alexandria and San Jose

Following the success of its inaugural advanced training summit last year, the EC-Council is expanding the EC-Council Summit to two new cities this year. The EC-Council Summit, formerly known as the CAST Summit, is a highly technical and advanced training workshop that offers IT professionals the chance to acquire critical cybersecurity skills in intensive three-days highly technical training workshops. This upcoming series will feature the world renowned Certified Ethical Hacker (CEH) v7, advanced penetration testing, advanced mobile hacking and forensics, advanced application security and advanced network defense. EC-Council Summit will take place March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California.

ALBUQUERQUE, NM – The Center of Advanced Security Training (CAST) – the advanced training division of EC-Council – announces the next installment of its successful advanced training series ‘EC-Council Summit’ (formerly known as CAST Summit) March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California. This series of summits feature five highly technical workshops in ethical hacking, penetration testing, mobile hacking/forensics, application security and network defense.

The highly technical training series first debuted in August 2011 in Washington, D.C. and is now being expanded to new cities this year following the strong reception it received among IT professionals.

EC-Council Summit is a unique training opportunity that gives attendees the chance to undergo an intense three-day ‘deep dive’ in five critical IT security fields with top industry experts. Unlike other training events where students are rushed through short presentations, the EC-Council Summit provides a unique opportunity to be immersed in key subject areas, with comprehensive training modules and a heavy focus on hands-on technical training and hacking labs, taught by the very best in their fields.

“EC-Council Summit is expanding its offerings this year following the remarkable turnout and success we had at the inaugural event last summer,” said Leonard Chin, Director of CAST and EC-Council Conferences & Events. “With an exponential increase of cyber threats facing businesses and government agencies, from the lone hacker armed with easily accessible hacking tools, hacktivists with malicious intents, to Advanced Persistent Threats (APTs), offensive security training has never been more important than it is today. 2011 was called the ‘year of the hack’, but 2012 could be even worse due to the proliferation of hacking tools and the increasing popularity of the hacktivism movement. IT professionals must adapt themselves to this changing threat environment in order to safeguard the information assets of their companies and organizations.”

The goal of EC-Council Summit is to prepare security professionals, such as penetration testers and network security administrators, to use advanced hacking techniques in order to better identify and prevent threats before they impact a company or organization. Participants will walk way with a firm grasp of offensive security strategies and techniques, industry best practices, how to develop a secure baseline, how to harden enterprise architectures from the most advanced attacks, and how to reduce the capabilities of APTs.

Five three-day workshops, followed by a highly technical one-day seminar on key security subjects, will be hosted in each city on the following IT security topics:

For more information about the EC-Council Summit series, please visit http://www.eccouncil.org/summit.

ABOUT CAST:

The Center of Advanced Security Training (CAST) was developed by EC-Council (http://www.eccouncil.org), in conjunction with cybersecurity experts, to address the need for highly technical and advanced security training for information security professionals. Instructed by EC-Council’s select group of master trainers, CAST offers hands-on, lab intensive courses that cover the security industry’s top domains, including advanced penetration testing training, digital mobile forensics training, advanced application security training, advanced network defense training, crimeware attribution, web application security training, and more. CAST is hosted at various international events, including EC-Council’s flagship Hacker Halted and TakeDownCon conference series.

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) certification. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members.

EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.


EC-Council’s Inaugural CISO Executive Summit Develops Guidelines to Address Challenges of 2012’s IT Mantra “Doing More with Less”

High unemployment and increased economic uncertainty has forced top-level Information Security executives to utilize alternative technology and invest in the existing workforce creating an onslaught of new security issues.

January 9, 2012 Albuquerque, NM- The New Year brings an unfamiliar set of challenges for executive-level Information Security (IS) professionals. The troubled economy and increased economic uncertainty has led many to seek alternatives to doing more with less. However, new initiatives such as implementing more cost efficient technology, with cloud computing being top-of-mind for many executives, and investing in existing resources, like the workforce, come with a set of security and training challenges.

 

These issues were addressed at EC-Council’s Inaugural CISO (Chief Information Security Officer) Executive Summit 2011 in Las Vegas, NV held from December 5-6th. Over 40 prominent top-level executives from the private, public, and government sectors gathered to collaborate on ways to overcome these obstacles. The corporations and agencies included: IBM, Motorola, TransUnion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

 

The need for increased Information Security arises as executives look for more cost-cutting technology and invest in existing assets to stay competitive in 2012. As Pearl Zhu, CEO, COO, Chairman, and President of Brobay stated in the article 2012 IT Tea Leaf Reading: The Year of Wisdom, “Businesses are facing unprecedented uncertainties, accelerated changes and hyper-competitive global competitions.” Many organizations in 2012 will focus on software automation and cloud solutions, which provide convenience and cost-efficiency.

The topic of responsible implementation of cloud computing in terms of information security was one of the focus areas of the CISO Executive Summit.
Ben Eu, Program CISO at IBM, and Raymond Soriano, Director of Security & Privacy Services and Cyber Threat & Vulnerability Management at Deloitte & Touche, served as co-chairs on the “Embracing the Cloud and Mitigating Surrounding Threats” panel discussion. Summarizing the panel discussion, they stated that in order to mitigate threats posed by the cloud, top IS professionals must:

Another challenge that awaits CISOs in the New Year is ensuring the IS team they lead consists of highly skilled professionals who are ready to mitigate risks associated with cloud computing and other technologies.

According to “The IT Skills Gap”, an article written by Andrew Horne, Practice Director at Corporate Executive Board, another one of the CIO’s (Chief Information Security Officer) most serious challenges is the lack of adequate skills in prospective and current IS employees. It is projected that demand for certain roles in the IS field will increase by over 200% within the next 5 years. He goes on to say that, “As key IT skills are in short supply, and the few people with those skills are not going to be pried loose from their current employers, the only option for CIO’s is to develop existing employees.”

Co-chairs of “Structuring and Managing Your Infosec Workforce”, Jerry Chappee, Chief Information Assurance and Operations Officer for the U.S. Army Reserve, and Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, stated that one of the best ways to improve the skills of the existing workforce is by investing in certifications, “Leaders of the organization need to support their people and show them the importance of certifications. More specifically, how the certification directly supports the business and keeps information more secure.”

The CISO Executive Summit created an environment where the most recent IS threats and landscape evolution was discussed and debated. Additional key issues addressed were implementing a high-performing IS program, managing insider threats, and factors with the greatest impact on the IS profession. For a full CISO Summit report including highlights and key takeaways, please visit: http://www.eccouncil.org/ciso/resources.

2012 will have its share of challenges and obstacles to overcome. The tough economic climate and mantra of “doing more with less” will prompt Information Security leaders to come together and share knowledge and ideas. It is the mission of the CISO Executive Summit Series to unite the top Information Security (IS) leaders across the world in the fight against cyber crime and IS threats, while providing a platform for continuous learning where the most recent IS threats and landscape evolution can be discussed and debated.

EC-Council will host a Global CISO Executive Summit on October 29, 2012 in Miami, FL. For more information, please visit: http://www.eccouncil.org/ciso/resources.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.


Anonymous withdraws Indian hack under pressure

The fledgling Indian operation of hacker group Anonymous attacked the website of the Indian army on Friday, but reversed its decision after it ran into criticism from Indian supporters who were annoyed that the Indian army was targeted.

Later on Friday, the hacker group said in a Twitter message that the Indian army site was now working fine. The new consensus appears to be not to target government websites, but only those of corrupt politicians.

The Hacker News reported that the Indian army site was down for only about an hour, according to the hackers. Indian government officials were not immediately available for comment. It is also not clear whether the Indian army or Anonymous put the website in order. Read more…


China behind recent hack attacks, says Indian government

The Times of India has accused Chinese hackers, allegedly backed by the Chinese government, of systematically attacking Indian online assets over the past 18 months. The goal of these assaults, at least according to the paper, is to map and discover weak points within India’s IT infrastructure. Such information could give China an advantage in any potential conflict, and the article implies that India has been slow to develop a retalitory system in the event of a Chinese attack.

The degree to which the Chinese government is actually involved in these attacks is still an open question, The Times’ rhetoric notwithstanding. A continuing series of sophisticated and methodical assaults is no longer proof of another nation’s malevolent intent, even if such attacks appear to be originating in the country in question. Read more…


EC-Council’s CISO Executive Summit 2011 Features a Unique Format that Encourages Knowledge Sharing Among the Diverse Range of Participants

The CISO Executive Summit included over 40 prominent speakers from across industries in the government, private and public sectors who were surprised and pleased by the interactive format of the event.

December 14, 2011 Albuquerque, NM- EC-Council hosted the 1st in its Global CISO (Chief Information Security Officer) Executive Summit Series in Las Vegas, NV December 5-6th at the M Resort.

The CISO Executive Summit 2011 was the first of its kind to be fully comprised of panel-based discussions. Panel chairs and speakers consisted of the world’s most successful thought leaders in the Information Security (IS) industry, including executive representation from top corporations and agencies such as IBM, Motorola, Transunion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, SecureNet Payment Systems, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The mission of the CISO Executive Summit was to unite the top information security leaders across the world in the fight against cyber crime and information security threats. Today’s rapidly evolving threat landscape is posing new risks to security professionals and the organizations they protect. The panel discussions were centered on the topics most relevant to high-level Information Security leaders including managing insider threats, cloud compliancy, and structuring and managing an infosec workforce. Some of the questions addressed were:

The CISO Executive Summit 2011 successfully accomplished its mission by providing a unique platform of 13 interactive panel discussions. This setup provoked in depth and intimate discussions about issues that are of global concern to high-level Information Security leaders. Panel speakers from the private, public, and government sectors brought an element of diversity and variety to the discussions. To view the full list of speakers, panel discussion topics and abstracts, please visit: http://www.eccouncil.org/cisosummit.

Jay Bavisi, President and Co-Founder of EC-Council, stated “The success of the CISO Summit is evident from the fact that so many senior executives from a vast array of organizations travelled to the EC-Council CISO Summit in the first week of December in Las Vegas. The intense industry representation and their engagement in active dialogue over today’s most pressing issues was beneficial to the industry. It was wonderful to witness the commitment shown by these individuals in seeking continuous learning and sharing.”

Tony Meholic, Chief Information Security Officer at Republic Bank, added, “The extensive knowledge and experience the speakers and audience displayed in the Information Security space was superb. I found the format to be informative and very lively. The opportunity to network with peers from various industries, government and academia was also very welcomed. These connections will provide valuable resources for discussions, questions and recommendations on current and future topics.”

 

 

“It was great to be a part of the 1st series of Global CISO Summit. I enjoyed the great panel discussions, fellowship and networking. I look forward to attending and speaking at future summits.” Said Jeffrey Vinson, CISO at SecureNet LLC., of the networking and knowledge sharing opportunities presented at the CISO Executive Summit.

EC-Council will host the 2nd in the Global CISO Executive Summit Series in May 2012, the location is to be determined. A Global CISO Summit is to proceed on October 25, 2012 in Miami, FL. For upcoming EC-Council CISO Executives Summits, please go to: http://www.eccouncil.org/cisosummit.

Contact:
Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso.


Good Versus Evil: How to Further Protect Your Privacy on Mobile Devices and Wireless Networks”

Your bank account has just been drained and the bank says that you willingly did it and there is no chance for a reversal. Well, for all purposes, you did. Your username, password and security questions were all answered correctly just prior to the transaction, but the problem is, it wasn’t you, it was the work of a hacker who gained your information through a public forum in which you had both joined the same wireless network. Can it happen? Yes it can, and it does. One party figures out how to gain information for the benefit of the consumer and the other party figures out the information for the detriment of the consumer. It’s the ongoing battle between certified ethical hackers and malicious hackers. Read more…


XSS Vulnerabilities Can Affect Embedded Browsers in Mobile Apps

A security researcher has noted that the use of embedded browsers in mobile applications can make those applications vulnerable to cross site scripting attacks. Developers of mobile software have found it can be effective to embed a smartphone operating system’s web browser and then create their user interface using HTML, CSS and JavaScript. The user interface is then more portable to other devices and is easier to customise using CSS. But this convenience comes at a cost. Researcher Kyle Osborn, who is presenting his findings at TakedownCon, found that some developers don’t clean the data being sent to their HTML-based user interface.  Read more…


Mobile Security at TakeDownCon: Hackers Handing Out a Healthy Dose of Paranoia”

Smartphones are mini-computers packed with financial and personal info, but even though folks can use their mobile devices for everything from paying bills to GPS, it’s a bit confusing when wondering why folks don’t consider mobile security. To ignore the need for mobile security is a bit like choosing to run a computer without any regard to security precautions. Not wise at all. Even without any malicious intent by app developers, many are not concerned about security; their apps may ask for overreaching access permissions.

Mobile and wireless security news is pouring out of TakeDownCon in Las Vegas. During the keynote presentation, Moxie Marlinspike said “mobile malware detection should be done by the app stores” and “Google has done the absolute bare minimum to secure the Android platform.” Marlinspike tweeted, “Half way through my talk at TakeDownCon this morning, I realized it included some minor Android 0day we hadn’t reported.”  Read more…