Google is adding a new security feature to Android designed to scan installed apps on a device and ensure that they’re not acting maliciously or taking unwanted actions. The system is built on Google’s existing app-verification model, which warns users if there’s a potential problem with an app they’re installing. The addition to Android’s security[...]
There’s nothing the Internet loves more than a fat, juicy story that it can sink its sharpened, yellowing canines into. And for the security community, the OpenSSL Heartbleed vulnerability has been the equivalent of a 72-ounce steak. But an Internet-breaking vulnerability like this one is no good unless we can learn something from it (or[...]
Two Netflix security engineers released an open source attack detection tool for Web applications that responds with tactics aiming to frustrate hackers.
BlackBerry’s Security Incident Response Team (BBSIRT) today released a security advisory resolving a remote code execution vulnerability in BlackBerry 10.
Bruce Schneier said during his Source Boston keynote that history will not look kindly on society’s tradeoff of privacy for convenience in the age of surveillance.
Adobe released updates for both its Flash Player and AIR software yesterday, patching four critical vulnerabilities, including one that was exposed at last month’s Pwn2Own hacking competition.
The list of products and sites affected by the OpenSSL Heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerability on a given system.
The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigations. That was in 2011. Nearly three years later, Siemens is pushing[...]
Etsy security engineer Kenneth Lee told Source Boston attendees about the online marketplace’s application security program, in particular its use of Feature Flags.
As expected, Microsoft issued its final epitaph for Windows XP today, pushing out four security bulletins for 11 vulnerabilities, including the last updates it will address in the oft-maligned, thirteen-year-old operating system.