Application Security

Application Security news, information, and how-to advice

Unlocked circuit board / security threat
wordpresstime

pci security compliance

5 PCI Compliance gaps

With the holiday shopping season coming up, and crooks lining up to take advantage of the stress and confusion, this is a good time for merchants to review their payment security procedures.

us uk flags

Governments act against webcam-snooping websites

Insecam, which broadcast feeds from unsecured webcams, no longer works

windows 95

Microsoft fixes severe 19 year-old Windows bug found in everything since Windows 95

With help from IBM, Microsoft has patched a critical vulnerability that flew under the radar since the launch of Windows 95.

drupal7

Mistaken identity: Indiana Dept. of Education hacked a second time

Late last week, the Indiana Department of Education was defaced for a second time; just days after attackers claiming to represent the Nigeria Cyber Army used a vulnerability in the website's CMS platform to initiate the first attack....

drupal7

Drupal vulnerability blamed for problems at Indiana Dept. of Education

On Monday, Indiana's Department of Education glimpsed the dark side of patch management, after administrators discovered that their website had been defaced. The root cause of the defacement was their vulnerable Drupal installation,...

Students taking a test

Popular messaging apps fail EFF's security review

The organization ranked 39 digital communication tools based on security features and best practices

Chrome

Google to kill off SSL 3.0 in Chrome 40

In the meantime, Chrome 39 will no longer support SSL 3.0 fallback for TLS connections

defenddrupal

What you need to know about the Drupal vulnerability CVE-2014-3704

Do you use Drupal for your personal website? Does your company use Drupal? Can’t recall the last time it was patched? It is a safe bet to assume that you’ve already been compromised. Here's what to do next

computer chip circuit board technology electrical equipment mother board processor engineering 0000

Chipmaker deliberately cripples user devices with driver update

FTDI, creator of a popular line of USB-to-Serial chips used by hardware hackers and embedded in a number of consumer devices the world over, is using a driver update to crush counterfeiters by rendering the fake chips useless once...

ssl secure browser security lock

Apple to stop SSL 3.0 support for push notifications soon

Apple is one of many companies moving to shut down SSL 3.0 for good

whisper

Whisper executive says tracking happens, but the data isn't exact

On Thursday, the Guardian published a story on how the anonymous secret sharing application, Whisper, was actually tracking users despite claims to the contrary.

poodle at play

Dreaded SSLv3 bug no monster, only a POODLE

On Tuesday, Google's Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker...

What you should consider when choosing a password manager

Password managers offer many convenient options, but some come at the expense of security

Do we need to make SSL free to boost Internet security?

As concerns grow for ways to protect information on the Internet, maybe the best choice is to include security in part of the package - no extra charge.

148470916

Yahoo says attackers looking for Shellshock found a different bug

The bug has now been fixed and user data was not at risk, the company said

yahoo sign

Yahoo says they're patching servers compromised by Shellshock

Jonathan Hall, of Future South Technologies, said that he uncovered a botnet running on two Yahoo servers, managed by a group of hackers out of Romania. Yahoo has confirmed the incident, and said they are working to resolve the issue....

keyboard app security

Alternate keyboard apps: Too risky for your smartphone?

Alternative keyboard apps are just one glaring example of how protecting your privacy requires diligence.

android browser

Android browser flaw found to leak data

A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data.

Load More