March 28, 2012 Added by:Fergal Glynn
Eighty-one percent of attacks utilized hacking. There was a stark difference between large and small organizations. SQL injection comes in 3rd after use of stolen logins and exploitation of backdoor or command and control channel. It is tied with dictionary attacks...
March 28, 2012 Added by:Electronic Frontier Foundation
By installing and authorizing an app, users don’t know how much information they are handing over. Without details about policies and practices, how confident can they be in the security of that data against the threat of subpoenas, intrusions, or rogue employees?
March 20, 2012 Added by:Electronic Frontier Foundation
There is ample evidence mobile applications are exceeding the privacy expectations of users. The first implementation of Do Not Track on a mobile OS is a big step toward ensuring users have a meaningful choice when it comes to digital tracking...
March 19, 2012 Added by:Fergal Glynn
The recent explosion in mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...
March 13, 2012 Added by:Fergal Glynn
Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...
March 09, 2012 Added by:Electronic Frontier Foundation
EFF frequently recommends that Internet users who are concerned about protecting their anonymity and security online use HTTPS Everywhere, which encrypts your communications with many websites, in conjunction with Tor, which helps to protect your anonymity online...
March 08, 2012 Added by:Rafal Los
Bad guys often rely on the end-user's lack of awareness, employing some dirty tricks like creating a convincing web page that looks just like your antivirus software, or something equally dastardly. But there's another trick that makes me crazy: End User License Agreements...
March 07, 2012 Added by:Fergal Glynn
A holistic application security approach that includes integrating developer training with static analysis and advanced remediation techniques will help reduce overall risk across your enterprise application portfolio and will strengthen your security program...
March 06, 2012 Added by:Ian Tibble
Operating System Security is radically under-appreciated, and this has been the case since the big bang of security practices in the mid-90s. OS security, along with application security, is the front line in the battle against hackers, but this has not been widely realized...
February 22, 2012 Added by:Bill Gerneglia
You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...
February 20, 2012 Added by:Pierluigi Paganini
Iran will be banned from the purchase of antivirus systems, a technological embargo with clear implications for the Stuxnet virus attacks and the need to prevent further infections to control systems for critical infrastructures, namely their nuclear programs...
February 08, 2012 Added by:Alan Woodward
The current volumes of spam email are extraordinary. Between 70% and 80% of all email sent is spam. As none of the current methods described here are completely effective, there is still scope for much further research in this area...
February 01, 2012 Added by:Alan Woodward
The Metasploit Project is an extremely valuable tool. However, a recent development which was revealed demonstrates just how easily the Metasploit Framework can be used to develop malicious payloads that avoid detection by the usual Anti-Virus and Firewall software...
February 01, 2012 Added by:Jeffrey Carr
As the world's largest vendor of security software, the breach puts all of its corporate and government customers at risk, because if Symantec didn't know the extent of its breach back then, how do Symantec's customers know that their current product line is safe to use?
January 18, 2012 Added by:Rafal Los
Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...
January 17, 2012 Added by:Pierluigi Paganini
Initially, Symantec spokesman Cris Paden said the hackers had stolen only the source code of Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, minimizing the seriousness of the breach. The situation has now changed dramatically...