Blog Posts Tagged with "Software"
May 08, 2013 Added by:Rohit Sethi
Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.
May 01, 2013 Added by:Nish Bhalla
While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.
February 15, 2013 Added by:Rohit Sethi
The latest Rails security flaw is example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.
November 10, 2012 Added by:Fergal Glynn
Amusingly, the plugin’s flood of attention means it is already racking up quite the bug count. For example, it does not currently do any NSFW prevention, and the results are returned in plaintext also. Have fun explaining that one to the ol’ boss-a-roni...
September 21, 2012 Added by:Damion Waltermeyer
Starting September 19, Sophos successfully became the lamest virus ever. An update put out by their auto-update service has rendered many machines across the world useless. This update detected false positives and deleted or quarantined them...
September 16, 2012 Added by:Pierluigi Paganini
Cybercriminals are exploiting a new way to spread malware by preloading malicious code inside counterfeit software deployed in computers that are offered for sale. To give you an idea of the phenomenon, 20% of the PCs researchers bought from an unsecure supply chain were infected with malware...
September 10, 2012 Added by:Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...
August 21, 2012 Added by:Bill Gerneglia
Those who have labeled COBOL ‘a dying language’ should reconsider. With COBOL supporting the majority of the world’s businesses, it is impossible to dispute its viability in the enterprise. It remains a cornerstone of business-critical applications and has successfully navigated through each computing generation...
August 15, 2012 Added by:Simon Heron
With conventional antivirus products, their signature bases are never completely up to date. When a new infection emerges, it simply roams freely across all endpoints. Conversely, WSA leverages behavioural monitoring to pick up infections when it isn’t sure whether a file is malicious or not...
July 29, 2012 Added by:Headlines
A new guide from the National Institute of Standards and Technology (NIST) describes a "scoring system" that computer security managers can use to assess the severity of security risks arising from software features that are designed under an assumption that users are operating these features as intended...
July 27, 2012 Added by:Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
July 04, 2012 Added by:Headlines
“Preventing the loss of critical U.S. information and technologies is one of the most important investigative priorities of the FBI. Our adversaries routinely target sensitive research and development data and intellectual property from universities, government agencies, manufacturers, and defense contractors..."
July 02, 2012 Added by:DHANANJAY ROKDE
Although open source software appears fantastic at the outset, they often come with an indirect price to pay, and it takes a lot of time for the organization to realize this. If your organization is hit by the ‘using open source to reduce costs’ wave, here are a few points you to look at before taking the leap...
June 27, 2012 Added by:Ben Rothke
Encryption, privacy, data protection, and macro security are but a few of the vital capabilities for anyone using Microsoft Office - or any office suite for that matter. Author Mitch Tulloch shows how to take control of the Microsoft Office 2010 experience and use the many security and privacy features...
June 18, 2012 Added by:Electronic Frontier Foundation
Judge Alsup, a coder himself, got it right when he wrote that “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API.” It's a pleasure to see a judge so fundamentally understand the technology at issue...
May 30, 2012 Added by:Michelle Drolet
While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013