Blog Posts Tagged with "Software"
Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work
May 08, 2013 Added by: Rohit Sethi
Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.
Why Are We Failing at Software Security?
May 01, 2013 Added by: Nish Bhalla
While there are many granular reasons for software security failures at the institutional, developer or vendor level, there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.
Why the Latest Rails Exploit Is Indicative of a Bigger Problem
February 15, 2013 Added by: Rohit Sethi
The latest Rails security flaw is an example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.
Ubuntu Snafu: Privacy Is Hard, Let’s Go Shopping
November 10, 2012 Added by: Fergal Glynn
Amusingly, the plugin’s flood of attention means it is already racking up quite the bug count. For example, it does not currently do any NSFW prevention, and the results are returned in plaintext also. Have fun explaining that one to the ol’ boss-a-roni...
Sophos is the Lamest Virus Ever...
September 21, 2012 Added by: Damion Waltermeyer
Starting September 19, Sophos successfully became the lamest virus ever. An update put out by their auto-update service has rendered many machines across the world useless. This update detected false positives and deleted or quarantined them...
Microsoft Disrupts Nitol Botnet: Malware Hidden in Supply Chain
September 16, 2012 Added by: Pierluigi Paganini
Cybercriminals are exploiting a new way to spread malware by preloading malicious code inside counterfeit software deployed in computers that are offered for sale. To give you an idea of the phenomenon, 20% of the PCs researchers bought from an unsecure supply chain were infected with malware...
Java, Flash, and the Choice of Usability Over Security
September 10, 2012 Added by: Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the "disable unnecessary services" philosophy, we advise not installing these types of applications for security reasons...
A Day Without COBOL: The Crucial Role it Plays
August 21, 2012 Added by: Bill Gerneglia
Those who have labeled COBOL ‘a dying language’ should reconsider. With COBOL supporting the majority of the world’s businesses, it is impossible to dispute its viability in the enterprise. It remains a cornerstone of business-critical applications and has successfully navigated through each computing generation...
Tackling Modern Malware
August 15, 2012 Added by: Simon Heron
With conventional antivirus products, their signature bases are never completely up to date. When a new infection emerges, it simply roams freely across all endpoints. Conversely, WSA leverages behavioural monitoring to pick up infections when it isn’t sure whether a file is malicious or not...
NIST: Guide to Rating Software Vulnerabilities from Misuse
July 29, 2012 Added by: Headlines
A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...
To “Open Source” or “Not to Open Source”
July 27, 2012 Added by: Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
Company Guilty of Illegal Export of U.S. Military Software to China
July 04, 2012 Added by: Headlines
“Preventing the loss of critical U.S. information and technologies is one of the most important investigative priorities of the FBI. Our adversaries routinely target sensitive research and development data and intellectual property from universities, government agencies, manufacturers, and defense contractors..."
Why Open Source is Not Always the Best Bet
July 02, 2012 Added by: Dhananjay Rokde
Although open source software appears fantastic at the outset, it often comes with an indirect price to pay, and it takes a lot of time for the organization to realize this. If your organization is hit by the ‘using open source to reduce costs’ wave, here are a few points for you to look at before taking the leap...
Security and Privacy for Microsoft Office 2010 Users
June 27, 2012 Added by: Ben Rothke
Encryption, privacy, data protection, and macro security are but a few of the vital capabilities for anyone using Microsoft Office, or any office suite for that matter. Author Mitch Tulloch shows how to take control of the Microsoft Office 2010 experience and use the many security and privacy features...
No Copyrights on APIs: Judge Defends Interoperability and Innovation
June 18, 2012 Added by: Electronic Frontier Foundation
Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...
Patch as Patch Can: All Software is Flawed
May 30, 2012 Added by: Michelle Drolet
While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...