The quintessential open-source network mapper, Nmap, was updated to version 7 yesterday. This version includes mature IPv6 support and expanded capabilities for its scripting engine. The biggest draw for security-wary developers and admins alike, however, may be the top-shelf SSL/TLS scanning. With SSL and TLS vulnerable to so many different attacks discovered over the past … continue reading
Docker continues to release additions to its software and infrastructure. On Nov. 16, the company announced new security enhancements that safeguard and protect Dockerized distributed applications—without impacting the developer’s workflow. Unveiled during the company’s keynote address at DockerCon EU, the security enhancements—built on top of the Docker Content Trust Framework—are around hardware signing of container … continue reading
The Internet of Things is all around us, and every day we’re soaking it in. It is giving the Internet senses for the first time, which will drive us to the future of business technology. Sensors are a huge part of the Internet of Things—and soon a big part of the Internet as a whole. … continue reading
Security firm SourceDNA has revealed a number of iOS apps that are violating Apple’s App Store policy that use private APIs to obtain a user’s private data. The apps all had one thing in common: They used the Youmi advertising SDK from China. “We found 256 apps (est. total of 1 million downloads) that have … continue reading
Illumio has announced new partnerships with Docker and Mesosphere to provide its adaptive security tooling to container users. The Illumio Adaptive Security Platform brings security controls and monitoring into the development process, to be managed as part of the software development life cycle. Alan Cohen, chief commercial officer of Illumio, said that his company’s platform … continue reading
Microsoft announced several new products that cover containers, security and Internet of Things. Those products, announced at AzureCon, will be applicable to Microsoft’s Azure product line. “We live in a connected world, and the intelligent cloud is powering it all,” said Scott Guthrie, executive vice president of Microsoft’s Cloud and Enterprise Division. “As data and … continue reading
Man-in-the-middle attacks are nothing new. But when that man-in-the-middle attack includes cookie injections, things get messy. Security researcher Xiaofeng Zheng published a PDF describing the methods used to make such an attack work in August. In the PDF, Zheng detailed the lack of security around cookies. “The same-origin policy is a corner stone of Web … continue reading
Apple has removed a bevy of malicious applications from its iTunes App Store today. While there is no official word on how many applications were removed, according to Reuters, Chinese security firm Qihoo 360 Technology wrote on its blog that it has detected 344 tainted apps in the App Store. These apps were all infected … continue reading
Continuing its commitment to cloud security, Microsoft today announced it has acquired Adallom, which specializes in identity and access management. According to a Microsoft blog post by Takeshi Numoto, Microsoft corporate vice president of cloud and enterprise marketing, Adallom provides a cloud access security broker that gives visibility and control over access to data. (Related: … continue reading
A couple of years ago, loyal readers of this column will remember I wrote of getting into a crash with a wrong-way driver. That kicked off a column about information sharing and data management, where I posited what a wonderful world it would be if as soon as the crash occurred, the police, my body … continue reading
Ask any business leader if they’re OK relaxing their mobile security standards and they’ll quickly tell you it’s not an option. But as mobile apps transition from standalone experiences to integral parts of an overall physical/digital ecosystem, securing them becomes more complex and more dynamic—a job well beyond the duties of mobile app developers. Mobile … continue reading
Researchers from Georgia Tech have discovered an emerging class of C++ bugs, and Facebook has awarded them US$100,000 for their efforts. The bugs are rooted in a new method for identifying “bad casting” vulnerabilities in C++ programs casted dynamically or statically at runtime. The researchers, who presented their findings at the USENIX Security ’15 conference, … continue reading
