Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Security's Weak Communications Skills Can Undermine Safety

By Evan Schuman September 23, 2016  | Security News
Communication takes effort and time, and poor communication will undermine results.

It's hardly a revelation that hardcore security veterans are not at the pinnacle of clear communication. And the more technical the talent, in general, the weaker the communication. For most in IT and almost everyone in corporate outside of IT, this is generally dismissed as a fact of life. But I've recently started to wonder if this isn't a bigger problem and one that can undermine...

Could How A Shopper Types Be The Best Authentication?

By Evan Schuman September 20, 2016  | Security News

It's not what you say, but how you say it. That piece of advice, which has been given to countless politicians and executives over the decades, might be the premise behind an intriguing new approach to biometric authentication. Although to be precise, it's closer to "It's not what you type, but how you type it." The value of any authentication system is based on a balancing act...

Why Age Verification Needs To Be A Key Part Of Your Security Strategy

By Evan Schuman September 8, 2016  | Security News
Age verification is an important part of security planning.

Not only is e-commerce being radically changed due to the mobilization of shoppers, but it's disproportionately happening with younger consumers. At the same time, law enforcement and government regulatory attention is being focused on age violations. And yet, the vast majority of companies have age-verification systems that provide almost no legal protection. Consider Facebook's recent age...

Podcast: Cyberwar has a history not just a future

By Jessica Lavery September 6, 2016  | Security News
Learn the history of cyber war.

Cyberwar: the term conjures images of futuristic warriors battling for control of Earth, à la the Terminator or the Matrix. But the truth is that cyberwar is just as much a part of our national history as it is a potential future crisis. And as the old adage goes, "what has happened before will happen again." The main difference between the cyberwar of the past and the one of today, or of the future, is...

When Bug Bounties Are Counter-Productive

By Evan Schuman August 18, 2016  | Security News
The problems with bug bounty programs.

Crowdsourcing the hunt for security holes, aka bug bounties, has become an increasingly popular tech-firm tactic, bordering on Silicon Valley standard operating procedure. But as tempting as such an approach is, it's not without serious drawbacks. What we're talking about is encouraging and incentivizing anyone and everyone to dig into your app/OS and beat up on it to try and find any...

Why a Bug Bounty Program Is Just One Bite of the Security Apple

By John Zorabedian August 15, 2016  | Security News

When Apple announced at Black Hat that it's launching a bug bounty program, you could hear from the peanut gallery variations of a common theme: "it's about time." Apple has taken some flak for being slow to join the many tech companies with bug bounty programs, from Alphabet to Yahoo. Increasingly, companies outside the tech sector, from auto manufacturing to airlines,...

Forcing Monthly Password Changes Only Helps The Thieves

By Evan Schuman August 11, 2016  | Security News
Monthly password change requirements weaken security!

When protecting app data, the default response for years has been passwords. And as long as a company's data is solely being defended by passwords, it makes sense to insist that they be changed regularly, no? Would not such mandated periodic changes shorten the useful life of stolen credentials for thieves? Turns out that the answer is "no" to all of the above. To the extent that passwords provide...

Your Mobile Apps Retain A Lot More Than You Know. I Guarantee It

By Evan Schuman August 4, 2016  | Security News

Here's a fact about mobile apps that is as true for Fortune 100 companies as for mom-and-pops: rare is the company that understands what data its mobile app retains. I used to prove this theory routinely. All it requires is a security consultant who is willing to do some penetration testing on the app. In some cases, 20 minutes was all the time needed. We found passwords in the clear in Starbucks...

To Weak Authentication, A Thief Looks Exactly Like A Cop

By Evan Schuman August 3, 2016  | Security News

Here's an uncomfortable truth for IT to internalize: enabling access for a friend facilitates access for an enemy. This is what was behind the anti-backdoor argument that Apple aggressively made, albeit for non-altruistic sell-more-hardware reasons. In effect, if you provide an easy way for government investigators to access data, there's no reason to believe that bad guys won't use a...

Vulnerable Method detection now available for Python projects

By Darius Foo August 1, 2016

SourceClear now supports Vulnerable Method detection for both Java and Python projects. In addition to notifying you of the vulnerable libraries you're using, we will now let you know exactly where you are using the vulnerable code. Of course, if it turns out you're not actually vulnerable, we'll let you know that too. More signal, less noise. How does it work? To support Vulnerable Methods in...
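To make the "where are you actually calling the vulnerable code" idea concrete, here is an added example of the core check, written for this page and not taken from SourceClear's own implementation. It treats one record of a vulnerability database as a (module, qualified method) pair and walks a Python file's AST, resolving the import aliases the file uses, so that a project is flagged only when a call site resolvably reaches that method; merely depending on the library is reported as not reachable. The library name `vulnlib`, the method `parser.parse`, and both sample source files are constructed for illustration and do not refer to any real package or vulnerability.

```python
"""Toy vulnerable-method reachability check over Python source (added example)."""
import ast
from dataclasses import dataclass

# Constructed stand-in for one record of a vulnerability database.
# 'vulnlib' and 'parser.parse' are hypothetical names, not a real package or CVE.
VULNERABLE_METHODS = {("vulnlib", "parser.parse")}


@dataclass(frozen=True)
class Finding:
    module: str
    method: str
    line: int
    col: int


def _import_bindings(tree):
    """Map each local name the file binds by import to the qualified name it refers to."""
    bindings = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.asname:
                    # 'import vulnlib.parser as vp' binds vp -> vulnlib.parser
                    bindings[alias.asname] = alias.name
                else:
                    # 'import vulnlib.parser' only binds the top-level name 'vulnlib'
                    top = alias.name.split(".")[0]
                    bindings[top] = top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                # 'from vulnlib.parser import parse as p' binds p -> vulnlib.parser.parse
                bindings[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    return bindings


def _qualified_name(func, bindings):
    """Resolve a call target (a Name or a dotted Attribute chain) to a qualified name."""
    parts = []
    node = func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None  # dynamic target such as getattr(m, "parse")(); not resolvable statically
    root = bindings.get(node.id)
    if root is None:
        return None  # local function or unknown binding, not an imported library symbol
    return ".".join([root] + list(reversed(parts)))


def find_vulnerable_calls(source, vulnerable=VULNERABLE_METHODS):
    """Return a Finding for each call site that resolves to a vulnerable method."""
    tree = ast.parse(source)
    bindings = _import_bindings(tree)
    targets = {f"{mod}.{meth}": (mod, meth) for mod, meth in vulnerable}
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _qualified_name(node.func, bindings)
            if name in targets:
                mod, meth = targets[name]
                findings.append(Finding(mod, meth, node.lineno, node.col_offset))
    return sorted(findings, key=lambda f: (f.line, f.col))


# Constructed sample sources; neither is taken from a real project.
SAMPLE_REACHABLE = """\
import json
import vulnlib.parser as vp
from vulnlib.parser import parse as p

def load(blob):
    return vp.parse(blob)      # reaches the vulnerable method through a module alias

def load2(blob):
    return p(blob)             # reaches it through a from-import alias
"""

SAMPLE_UNREACHABLE = """\
import vulnlib                 # the vulnerable library is a dependency...
import json

def load(blob):
    return json.loads(blob)    # ...but the vulnerable method is never called
"""

if __name__ == "__main__":
    for label, src in (("reachable", SAMPLE_REACHABLE), ("unreachable", SAMPLE_UNREACHABLE)):
        hits = find_vulnerable_calls(src)
        print(f"{label}: {len(hits)} call site(s)")
        for f in hits:
            print(f"  {f.module}.{f.method} called at line {f.line}, col {f.col}")
```

Running the script reports two call sites for the first sample (lines 6 and 9) and none for the second, which is the distinction the post describes: a dependency scan alone would flag both files, while the method-level check clears the second. A production tool would also follow calls across files and through wrappers, which this single-file walk does not attempt.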
