Security researchers have revealed a new software vulnerability that is leaving Apple and Google users open to a hack attack. The vulnerability, Factoring RSA export keys (also known as the FREAK attack), was found in SSL/TLS—the protocol meant to provide secure Web connections. According to the miTLS team, composed of Inria (a research organization in …
Android Lollipop’s usage is slowly rising. Google just released its Android usage data, with Lollipop making its debut about three months since its public launch; the data showed about 1.6% of users are now using it. KitKat is still the most used version of Android with 39.7% of users, a slight increase from last month’s …
If there was one word that could best sum up the software security situation in 2014, it would be “Egad!” With major enterprises like Target, Home Depot and Sony getting not just hacked but completely compromised in 2014, what hope do smaller firms have at keeping the attackers at bay? Fortunately, things are already looking …
Every year there are a number of vulnerabilities exposed and exploited, but 2014 was bad in terms of software security. In the beginning of the year, Cenzic revealed the latest results from its 2014 Application Vulnerability Trends report and found that a majority of apps have at least one security vulnerability; but it wouldn’t be …
Software vulnerabilities have existed for as long as there has been software. Organizations and their developers have been locked in a cat-and-mouse game with the legion of hackers looking to steal data. Every time one breach is fixed, another is exploited, and ‘round and ‘round it goes. So, after Julian Assange and WikiLeaks, Edward Snowden, …
Have you been Shellshocked? A new website has launched for users to test if their systems have been affected by the Bash vulnerability known as Shellshock. Shellshock is said to pose a bigger threat than OpenSSL’s Heartbleed bug, according to security researchers. “If your system has not updated bash in the last 24 hours, you’re …
The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) has issued a warning about a vulnerability affecting Unix-based operating systems. The vulnerability, dubbed Shellshock, was discovered in the Bourne-Again Shell, also known as Bash. Bash is a popular Linux and Unix shell, and according to security researchers, the newly revealed bug could …
Microsoft releases WinJS 3.0 with multiplatform support, nixes developer fees
Microsoft has released version 3.0 of WinJS, the Windows library for JavaScript, adding cross-platform and cross-browser support, JavaScript modularization, and improved universal control designs. The update adds support for popular Web and mobile browsers, as well as HTML-based app environments, including Apache Cordova. According to …
The development team behind the OpenSSL open-source encryption toolkit has released its first official security policy, laying out its internal security protocols and plans to pre-notify organizations implementing OpenSSL about impending updates and security fixes. The OpenSSL pre-notification policy will allow notices to be sent out over the OpenSSL mailing list and on the homepage …
The popular OpenSSL encryption scheme underlying much of the Web’s security protocols is finally turning a corner. With Heartbleed now well behind it, the open-source SSL/TLS security protocol released a project road map laying out its short- and long-term goals, and it has issued nine security fixes to the encryption scheme. In a Security Advisory, …
It’s a mess out there. OpenSSL was compromised. The U.S. government is in your database. Cats and dogs living together; mass hysteria! But there is a solution. You, as a software development manager, hold the keys to making sure your software is secure. You hold the keys to making sure your infrastructure is secure. You …
When it was announced on June 8 that OpenSSL was vulnerable to a dangerous new attack that could reveal security certificates to an attacker, the Internet spent a few days in panic mode. Thousands, if not millions, of sites used (and still use) OpenSSL, and the fix for the problem took a few days to …