Application Security

Application Security news, information, and how-to advice

defenddrupal
computer chip circuit board technology electrical equipment mother board processor engineering 0000

ssl secure browser lock

Apple to stop SSL 3.0 support for push notifications soon

Apple is one of many companies moving to shut down SSL 3.0 for good

whisper

Whisper executive says tracking happens, but the data isn't exact

On Thursday, the Guardian published a story on how the anonymous secret sharing application, Whisper, was actually tracking users despite claims to the contrary.

poodle at play

Dreaded SSLv3 bug no monster, only a POODLE

On Tuesday, Google's Bodo Möller, along with fellow researchers Thai Duong and Krzysztof Kotowicz, disclosed the existence of a vulnerability in SSLv3, which allows the plaintext of secure connections to be calculated by an attacker...

What you should consider when choosing a password manager

Password managers offer many convenient options, but some come at the expense of security

Do we need to make SSL free to boost Internet security?

As concerns grow for ways to protect information on the Internet, maybe the best choice is to include security in part of the package - no extra charge.

148470916

Yahoo says attackers looking for Shellshock found a different bug

The bug has now been fixed and user data was not at risk, the company said

yahoo sign

Yahoo says they're patching servers compromised by Shellshock

Jonathan Hall, of Future South Technologies, said that he uncovered a botnet running on two Yahoo servers, managed by a group of hackers out of Romania. Yahoo has confirmed the incident, and said they are working to resolve the issue....

keyboard app security

Alternate keyboard apps: Too risky for your smartphone?

Alternative keyboard apps are just one glaring example of how protecting your privacy requires diligence.

android browser

Android browser flaw found to leak data

A security researcher has found another flaw in the Android browser that a cybercriminal could use to steal sensitive data.

jpmorgan

JPMorgan says breach impacted 76M households and 7M small businesses

On Thursday, JPMorgan Chase (JPMC) updated investors about their recently disclosed data breach in an 8-K filing with the Securities and Exchange Commission. The incident impacts 76M households and 7M small businesses.

14 tips to secure cloud applications

Enterprises are now clamoring for the corporate security gateway to give way to the new cloud application security gateway.

shellshocked3

Shellshock attackers targeting NAS devices

Researchers have discovered hackers trying to exploit the Shellshock Bash vulnerability to compromise network attached storage devices in universities in the U.S., Japan and Korea.

Apple store fifth avenue NYC

Apple's Shellshock patch is incomplete experts say

On Monday, Apple released three patches to address two vulnerabilities in GNU Bash, commonly referred to as Shellshock. Experts who have tested the various known attack surfaces say that Apple's patch doesn't fix everything.

482251631

Attacks against Shellshock continue as updated patches hit the Web

Over the weekend, attackers used the recently disclosed Shellshock vulnerability in a number of schemes, while developers at some of the world's largest technology firms worked to release updated patches.

serverskulls header

Shellshock Bash vulnerability being exploited in the wild, Red Hat says patch incomplete

On Wednesday, AusCERT and MalwareMustDie reported that Shellshock is being exploited in the wild. Shellshock is the name given to a vulnerability that exists in GNU Bash versions 1.14 through 4.3, and the problem is likely to surpass...

The FBI’s big, bad identification system

The FBI’s formidable Next Generation Identification is up and running

danger

Remote exploit vulnerability in bash CVE-2014-6271

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This...

Apple iOS 8 on the iPhone

iPhone 6 fingerprint scanner found accurate enough for Apple Pay

Apple's iPhone 6 fingerprint scanner has a level of accuracy that makes it a solid authentication tool for people planning to use the smartphone in place of a credit card for in-store purchases, research shows.

Load More