Which Is More Dangerous: Cause-Motivated or Financially Motivated Hackers?

The Wall Street Journal recently published excerpts from an interview with David DeWalt, FireEye’s CEO. As I read through his comments, one in particular got me thinking: “The breach of Sony last year marked the ‘elevation’ of cybercrime into ‘sabotage,’ DeWalt said. ‘We’ve watched over the last two or three years significant occurrences of just outright destruction. Attempts to really hurt companies or countries with Internet weaponry. You don’t have to wipe out the company. All you have to do is release the information about the...


Don't Be a Dinosaur! Try Agile Development Methods Today

The internet has revolutionized the world of software. Today's top-selling, pocket-sized gadgets don't have room for USB flash sticks, let alone full-on optical drives — and considering many laptops and desktops now ship sans disc-reading capability, releasing a full software product without digital distribution is like selling a car without wheels. Because of this, the way developers make software needs to change, too. While methods such as traditional waterfall certainly have their uses, there's no question that Agile development is the way of the future. Here's why....


What the WhatsApp Update Means for You

There's no question that WhatsApp, the popular messaging app that recently fetched $22 billion from Facebook, is a major player in the communication-technology sphere. So when the EFF released its Secure Messaging Scorecard, on which neither WhatsApp nor any other major messaging clients scored favorably, the company knew its reputation (and its users' safety) was at stake. In response to its low marks, a new WhatsApp update "added end-to-end encryption and enabled it by default in the latest version of its Android messaging application," writes Katherine Noyes for the E-...


How to Talk to Executives About Risk-Based Security Policies

How do you communicate risk to C-suite executives? The question plagues IT departments nationwide as threats like the recent Sony hack and Backoff POS malware, plus vulnerabilities such as Heartbleed and Shellshock, make it increasingly difficult to keep corporate IT assets safe. Creating a risk-based security policy is made even more complex when internal software development is considered: Should projects be pushed to market before more flaws are discovered, or put on the back burner until more comprehensive solutions can be found? Here are three key talking points to bolster boardroom...


Will High-Tech Bank Heist Change How Enterprises View Security?

Kaspersky Lab has released reports stating that bank hackers stole millions via malware. The initial reports indicated that hackers stole approximately $1 billion from over 100 banks in 25 countries — including the United States (although now FS-ISAC claims no US banks were impacted). Whether or not US banks were hit isn’t the most interesting point. What is interesting is how the cybercriminals infiltrated the banks they did breach, and what they stole. As with many of the large breaches we’ve seen in the past year, the cybercriminals used a variety of techniques as...


Raise the Gates: 3 Tips for Stronger Password Security

Password security is one of the hottest, longest-standing topics in today's world of digital security, and it's no wonder: These single, self-contained words and phrases give users access to a wide breadth of info, powerful systems and functions that enterprise employees need in their daily jobs. Of course, all that power makes them points of intense interest for black-hat attackers and more civic-minded security researchers, albeit for very different reasons. While different technological advancements (biometric thumb and eye scanners, wearable secondary gadgets like Android Wear,...


Securing the Silver Screen: Source Code in Movies

During Veracode’s Hackathon last year I wanted to answer this question: How secure are the applications that we see in those movie scenes when the source code is scrolling by on an actor’s computer? In the spirit of the Hackathon, where projects range from baking to backdoor detection, I set off. I collected screenshots from four TV shows or movies that featured source code. I found the attribution (link: http://moviecode.tumblr.com/) of what application that code was from. And then I scanned the application using the Veracode static platform. The results were put together in a short...


The Best Time for a Code Review Is ASAP

You don't have to produce code to understand the importance of stopping bugs and catching errors early. In fact, you could even say it's business leaders who feel the most pain when an unexpected fix takes hours of time. Whether you're signing the overtime checks or explaining yourself to irate clients, delays introduce unpleasantness beyond the keyboard. Many bug- and error-related impediments come from people not knowing about the factors behind errors or the code review tools available to fix them. To help, here's an overview of some common causes of delays, possible fixes...


How Cross-Functional Teams Can Take Agile to the Next Level

Agile isn't enough on its own. While this method of software development offers speed, security and stability, it's not perfect. The problem? It's often tied to ingrained organizational communication structures, which in turn have serious impacts on the way software is designed, tested and rolled out. The solution? Cross-functional teams that go beyond traditional borders. Here's how to take your Agile process to the next level. Understanding Cross Functionality According to Inc., cross-functional teams (CFTs) can be defined as "groups that are made up of people from...


Secure Messaging Apps: Did Yours Get an A on the EFF Scorecard?

Almost everyone has used Google Chat to talk to coworkers who are just down the hallway, or iMessage to text close friends from work computers. Our networks trust and authenticate such apps on the strength of their names alone. But, according to the recent EFF Secure Messaging Scorecard, neither are truly secure messaging apps — nor are any of the other reputable apps that many firms use. You might be comfortable with your employees sneaking in some Friday evening planning on Friday morning. But as soon as one of them sends a piece of sensitive information via a messaging service, that...

