Category Archive for "Web Security"
The sorry state of certificate revocation
As much as I love PKI (public key infrastructure) and the mathematical security it can provide, it’s usually horribly implemented in the real world. If done right, like the inventors intended, it would be darn near perfect. It’s mostly broken…
5 signs your Web application has been hacked
When customers interact with your business, they most likely go through a Web application first. It’s your company’s public face — and by virtue of that exposure, an obvious point of vulnerability. Most attacks against Web applications are stealthy and…
The 4 commandments of basic data security
We’re not using Windows 95 anymore. Few Pentium I systems remain in production use, and the majority of the world no longer connects to the Internet through telephone lines and analog modems (though some poor souls still do). If those…
Xen fixes highly critical virtual machine flaw
The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system. Vulnerabilities that break the isolation layer between virtual…
Man whose iPhone passcode DOJ wanted Apple to bypass enters guilty plea
Jun Feng, a defendant in a criminal case, has entered a guilty plea, removing pressure from a New York court to decide quickly whether Apple is required to aid investigators by bypassing his iPhone 5s passcode. Feng was indicted on…
CISA: The new security law doesn't help security
The Senate this week overwhelmingly passed the Cybersecurity Information Sharing Act, a surveillance bill that festered in Congress for four years masquerading as security legislation. CISA will succeed in putting a lot more personal information about citizens into the hands of…
Hackers infect MySQL servers with malware for DDoS attacks
Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that’s used to launch distributed denial-of-service (DDoS) attacks. Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos…
Biometric data becomes key to encryption in Fujitsu system
Fujitsu says it has developed software that uses biometric data directly as the basis for encryption and decryption of data, simplifying and strengthening security systems that rely on biometrics such as fingerprints, retina scans, and palm vein scans. Current security…
9 notorious hackers: Who they are, why they did it
You could be whoever you wanted Image by flickr/the euskadi 11 The origins of what we think of as modern hacker culture emerged from the same California milieu as the 1960s counterculture, and it shows. In 1973, programmers from Berkeley…
LogMeIn acquires LastPass to beef up identity portfolio
LogMeIn, a provider of cloud-based IT access and management tools, has acquired cloud-based password manager service LastPass. LastPass is popular with users for its focus on security, excellent customer service, and commitment to transparency. When it was recently targeted in…