Like many of my industry peers, my first job was in the telecom industry developing software. Back in the day, we used telnet to remotely log in to the workstation of our choice and then go on about our day writing code and sipping coffee. Software security was not part of our vocabulary or our corporate culture.
No, the dead aren’t rising from their graves to attack the living. But that doesn’t mean that there’s not plenty of blame to go around in the recent hack of the U.S.’s Emergency Alerting Service (EAS).
For the curious developers or security folk following us, we wanted to share the methodology behind our latest tool, Smart Social Sharing.
The State of Social Sharing
Commercial sharing tools provide simple and fast social sharing of web content. Tools like AddThis, ShareThis, and other CMS plugins that enable social sharing are ubiquitous.
Veracode’s mission is to secure the software that runs the world. Our marketing department is no exception. When we recently looked at the security posture of the veracode.com website, we found we were using too many untrusted third-party widgets that put site visitors at risk and could even potentially be used to deface our website. Instead of removing this functionality from the website or staying with the risky status quo, we took it upon ourselves to build a safer alternative.
Platforms like WordPress and Drupal have made publishing and building a web site a breeze, but plug’n play has led to lots of buggy code. Is it time for secure alternatives?
I’m a big fan of WordPress, the amazing and flexible content management platform that makes setting up a sophisticated, classy Web site available to anyone who can use a keyboard and mouse. The most amazing thing about the platform and others like it – including Drupal and Movable Type – is the incredible diversity of add-ons and plug-ins that allow you to integrate cool new features without any coding.
From time to time we develop simple applications or tools to help address specific business requirements, or to highlight a piece of security research. Today I’m excited to announce the release of SmartShare, a free tool designed to offer developers, bloggers and marketers a more secure method of on-site bookmark sharing.
Building airplanes and software applications are very different. Except when they’re not. How the software industry can learn from aviation’s culture of safety.
Imagine this not-too-unusual scenario: on February 1st, security firms identify a string of sophisticated attacks against prominent firms in the defense industrial base, energy and high tech fields.
Just another day at the office. Anonymous hacked into a Federal Reserve computer. Wait, what? Don’t worry, the attackers did not make off with any money, as far as we can tell, or disrupt any critical functions. What did they get? Just the details of 4000 bank executives. The data has been posted to pastebin and hosted on several compromised sites including other government sites. Someone even sent me a link to the data hosted on a gov.cn server!
Many years ago, you got your first job and bought your first car. It was a reasonable price, sturdy, and you made sure always to wear your seatbelt and not to break the posted speed limit too badly. It did its job and served you well as you went to college and started your career.
For our government readers: I want to briefly draw your attention to the newly signed Department of Defense National Defense Authorization Act (NDAA) of 2013 and the revised Federal Information Security Management Act (FISMA).
Why is so much software so insecure? You can blame Mark Zuckerberg. No. Really.
Here are a couple of seemingly contradictory facts: we, as an industry, understand much, much more about how to write software securely today than we did ten years ago. And – fact number two: there’s far more insecure software being written today than there was ten years ago. Why?
A few days ago Duck Duck Go, the search engine that advocates privacy and opposes tracking of any sort, released an awesome guide for Data Privacy Day. Their guide outlines how to prevent your browser from tracking you in any way possible.