Application Security

Application Security news, information, and how-to advice

SQL injection flaw in Wall Street Journal database led to breach

The publisher said the intrusion did not affect customers' data

Do security seals on websites matter?

Does a security seal on a website demonstrate a commitment to security?

Google bug-hunting Project Zero could face software developer troubles

Google's launch of a bug-hunting initiative has raised concerns over how the company will handle conflicts with vendors unable to patch software before Google's deadline for reporting vulnerabilities.

Despite rumors, Samsung says they have no plans to nix Knox platform

On Wednesday, a report from Forbes left some security experts scratching their heads, when a contributor for the publication reported that Samsung was throwing in the towel on the Knox platform.

Google blocks bogus digital certificates issued in India

It's unclear how the certificates were issued by the country's National Informatics Centre

Vulnerability in AVG security toolbar puts IE users at risk

Bad design decisions could have enabled malware infections, researchers from CERT/CC said

FireEye investigating recent vulnerability disclosures

FireEye is investigating the disclosure of multiple vulnerabilities in their Malware Analysis System (MAS), by a researcher who claims they were fired over the release.

Is it possible to create bug-free software?

Can the world be rid of software bugs and vulnerabilities that are open to exploitation?

Microsoft debugs Explorer, Windows with Patch Tuesday updates

Critical IE patches address vulnerabilities that could lead to remote code execution

Tools catch security holes in open source code

Given its prevalence, open source code is virtually impossible to avoid, but the proper steps need to be taken to address its vulnerabilities

Hadoop's success drives efforts to make it more secure

Security seen as key to enterprise acceptance

Twenty-year-old vulnerability in LZO finally patched

After twenty years, a vulnerability in Lempel-Ziv-Oberhumer (LZO), an extremely efficient compression algorithm, has finally been patched. The flaw, a subtle integer overflow, existed for as long as it did because of the practice of...

NCC Group's new '.trust' domain promises Internet security overhaul

Designed to make phishing and other abuses harder

Got breached Yo

The ill-conceived social media application called Yo was digitally disemboweled this past week.

Hacker puts 'full redundancy' code-hosting firm out of business

CodeSpaces.com shut down after a hacker gained access to its Amazon EC2 account and deleted most data, including backups

Companies warned of major security flaw in Google Play apps

University researchers have found that developers often store authentication keys in the Android apps on Google Play, making it possible for criminals to steal corporate or personal data.

As iPhone thefts drop, Google and Microsoft plan kill switches on smartphones

After a year of pressure, U.S. law enforcement officials announce a major success in their phone anti-theft push

Slow rollout of SSL places users of LinkedIn at risk, research says

According to research, users of LinkedIn could be vulnerable to Man-in-the-Middle (MITM) attacks, leading to account and personal information compromise.
