You may have heard about the recently publicly disclosed vulnerability (http://support.apple.com/kb/HT6147) in Apple iOS. Let’s take a look at the goto fail details as well as at who is affected. Vulnerability Details As the code at http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c shows, there is a bug in the implementation of the SSLVerifySignedServerKeyExchange function. Although the goto fail has been […]
How can business leaders guarantee that they won’t be the next headline security breach? How should companies even start to address software security? Watch the HP Discover Performance Weekly video featuring Cigital CTO, Dr. Gary McGraw, to find out.
Last Wednesday I spoke about password storage security in a WhiteBoard session. Fate has allowed a publicized password breach within a few days prior to these talks nearly without fail and, with the hack of Yahoo’s 3rd party database more than a week in the rear-view, I was a bit self-conscious. Cue the Kickstarter security […]
Software is in such a vulnerable state today. Most systems and networks were poorly designed and built from the start, which makes them even more difficult to defend against cyberwar, cyberespionage, and cybercrime attacks. We need to design and implement things to be more secure in the first place. Unfortunately, this is not the prevailing […]
The UK’s NHS web site (http://www.nhs.uk/), or to be precise, links embedded in it, have been infecting visitors with malware. At the end of the day, it was probably a straightforward typo in the coding of the web page. What lessons can we learn here? How could we have stopped that? Sadly, there’s not much […]