Topic: security

Beware the cookie injection

Man-in-the-middle attacks are nothing new. But when that man-in-the-middle attack includes cookie injections, things get messy. Security researcher Xiaofeng Zheng published a PDF describing the methods used to make such an attack work in August. In the PDF, Zheng detailed the lack of security around cookies. “The same-origin policy is a corner stone of Web … continue reading

Apple has to clean up after its first major iOS App Store attack, Microsoft puts up money for CS education, and Google upgrades Cardboard—SD Times News Digest: Sept. 21, 2015

Apple has removed a bevy of malicious applications from its iTunes App Store today. While there is no official word on how many applications were removed, according to Reuters, Chinese security firm Qihoo 360 Technology wrote on its blog that it has detected 344 tainted apps in the App Store. These apps were all infected … continue reading

Microsoft acquires cloud security company Adallom

Continuing its commitment to cloud security, Microsoft today announced it has acquired Adallom, which specializes in identity and access management. According to a Microsoft blog post by Takeshi Numoto, Microsoft corporate vice president of cloud and enterprise marketing, Adallom provides a cloud access security broker that gives visibility and control over access to data. (Related: … continue reading

Industry Watch: Be careful what you wish for

A couple of years ago, loyal readers of this column will remember I wrote of getting into a crash with a wrong-way driver. That kicked off a column about information sharing and data management, where I posited what a wonderful world it would be if as soon as the crash occurred, the police, my body … continue reading

Analyst Watch: Don’t treat mobile developers as security experts

Ask any business leader if they’re OK relaxing their mobile security standards and they’ll quickly tell you it’s not an option. But as mobile apps transition from standalone experiences to integral parts of an overall physical/digital ecosystem, securing them becomes more complex and more dynamic—a job well beyond the duties of mobile app developers. Mobile … continue reading

Researchers discover emerging class of C++ bugs, Intel’s diversity report, and Android Experiments—SD Times news digest: Aug. 13, 2015

Researchers from Georgia Tech have discovered an emerging class of C++ bugs, and Facebook has awarded them US$100,000 for their efforts. The bugs are rooted in a new method for identifying “bad casting” vulnerabilities in C++ programs casted dynamically or statically at runtime. The researchers, who presented their findings at the USENIX Security ’15 conference, … continue reading

IBM discovers Android vulnerability, Windows 10 IoT core, and OpenSSH 7.0—SD Times news digest: Aug. 11, 2015

Researchers from IBM’s X-Fore Application Security team have discovered a new serialization vulnerability that affect more than 55% of Android phones. According to the researchers, the vulnerability could allow attacks to perform arbitrary code execution and gain access to a user’s device. The vulnerability is nestled within the Android platform, and it affects Android Jelly … continue reading

SD Times Blog: x86 exploit released

Your teams have taken a lot of time to ensure your super secret systems are super secret, right? Thanks to Black Hat 2015, all that work to prove a system is secure and reliable is going to have to be redone. Christopher Domas, security researcher at the Battelle Memorial Institute, metaphorically dropped the mic and … continue reading

Microsoft’s open-source iOS bridge for Windows 10, a Firefox exploit, and WebGLStudio.js—SD Times news digest: Aug. 7, 2015

Microsoft has released an early look at its open-source Windows 10 Bridge for iOS. Previously known as “Project Islandwood,” the bridge allows iOS developers to build and run apps on Windows. The version currently available to the open-source community is a work in progress, and Microsoft is encouraging feedback and code contributions before the final … continue reading

Industry Watch: Software industry M&A grows in the last year

Mergers and acquisitions in the first six months of this year grew by 3% over the last six months of last year, according to a new study by mid-market investment bank Berkery Noyes. That’s a positive sign that investment in the technology sector remains strong. In fact, beginning from the last six months of 2013, … continue reading

Android Developer Conference kicks off

Call it the digital sword of Damocles: Like some torturous situation out of an Edgar Allan Poe story, the entire world’s population of Android users is currently waiting with baited breath for Joshua Drake (Jduck) to release his claimed super exploit for Android. The famous security researcher claims his exploit can take advantage of 95% … continue reading

SD Times Blog: Batten down the patches

It’s that time of year again: Black Hat and Defcon are upon us! That means your systems are all in danger, and your applications should be afraid. Not only will there be (and has already been) an endless stream of new exploits dropped at the shows, but the weekend of Defcon is, effectively, open season … continue reading

DMCA.com Protection Status