Tyler Shields

Tyler Shields is a Senior Researcher for the Veracode Research Lab whose responsibilities include understanding and examining interesting and relevant security and attack methods for integration into the Veracode product offerings. He also keeps track of new developments from other computer science and information security researchers to ensure that Veracode technologies are always kept in line with the most recent security advancements.
Posts by Tyler Shields

Privacy and Confidentiality on the Eve of the Facebook IPO

May 17, 2012

Tonight is the last night that Facebook will be a privately held company. In the morning, Facebook shares will hit the market and there will be a feeding frenzy from investors worldwide. Stock buyers will put up somewhere near 16 billion (yes with a "B") dollars to own a portion of the social networking behemoth. However, the Veracode blog isn't a stock trading or business blog, it...

When In Rome (Or When At Caesars...)

July 27, 2011

It's that time of year again... A time when all the most interesting people, ideas, concepts, and attacks are on display in Las Vegas. That's right, we are talking about Blackhat USA and associated conferences. Every year about a week before conference time, all the security analysts, researchers, and talking heads begin to espouse their thoughts regarding which of the conference sessions will...

Mobile Security - Users Just Don't Care

June 21, 2011

It's not that users "don't want to keep their data safe". They do. Most corporate users don't want their personal or corporate private information available to someone else. They don't want their email stolen or their contacts pillaged. So why do people insist on ignoring the multitude of security recommendations on how to have a more secure mobile work environment? The answer to this question...

Mobile App Privacy Continued...

April 8, 2011

[UPDATE! April 15: Pandora removes all advertising libraries from its Android and iPhone apps!] The blog post we made earlier this week entitled, Mobile Apps Invading Your Privacy, gives detail around the information being requested by the advertisement libraries embedded inside a popular online radio application. There have been a number of great posts and comments that got us thinking more...

Mobile Apps Invading Your Privacy

April 5, 2011

[April 8: We've added some more information in a follow-up post] Background An article in the Wall Street Journal, dated April 5, 2011, disclosed that Federal prosecutors in New Jersey are investigating numerous smart phone application manufacturers for allegedly illegally obtaining and distributing personal private information to third party advertisement groups. The allegations state that...

Identifying the Mobile Security Stack

March 24, 2011

Increasing smartphone adoption rates coupled with the rapid growth in smartphone application counts have created a scenario where private and sensitive information is being pushed to the new device perimeter at an alarming rate. The smartphone mobile device is quickly becoming ubiquitous. It is not inconceivable to predict, in the near future, a world where smartphone and mobile device Internet...

Malicious Mobile Code Meets Exploit Selling

March 25, 2010

I've been focused on conducting research into the mobile spyware arena these last few months and the results have been very interesting. As I'm sure you are aware, I released a fully functional piece of Blackberry Spyware called txsBBSpy at the Shmoocon security conference in February 2010 and have done a number of interviews and podcasts on the topic. While my research is interesting, other high...

Mobile Malware Counterpoints

February 17, 2010

There have been a lot of great articles written in the wake of my presentation on Mobile Spyware at Shmoocon 2010. Many of them show wonderful insight into the problems that mobile carriers and owners of the mobile applications stores are facing. However, for every handful of great articles, we occasionally come across a technical expert that presents a different viewpoint. Usually it's best to...

Trust Your Own Code?! Trust Your Own Compiler?!

August 20, 2009

Trust has long been a favorite target of malicious individuals. Most people would say that proper management of trust is one of the primary cornerstones of information security. Trust is a relative term and all trust relationships should be examined with a very critical eye. Ken Thompson's seminal paper "Reflections on Trusting Trust", which won a Turing Award, addresses in detail why we can...

The Mobius Defense – An Impetus for Application Security

June 30, 2009

The “Mobius Defense” is a somewhat novel defense model proposed by Pete Herzog, founder of ISECOM and lead author of the Open Source Security Testing Methodology Manual (OSSTMM). Before continuing to read the following post I suggest you take a few minutes and breeze through the slide deck linked here. It’s an easy and interesting read so get to it… Mr. Herzog suggests in...

 

 
