Software Integrity

Archive for October 2014

 

POODLE: Yet another attack on SSLv3 (SSL 3.0)

POODLE Introduction: The POODLE (Padding Attack On Downgraded Legacy Encryption) attack was published by Bodo Möller, Thai Duong, and Krzysztof Kotowicz of Google in a security advisory last month (September 2014). The attack is on SSL 3.0 (SSLv3), an obsolete and insecure protocol, and allows an attacker to decrypt authentication cookies for websites. To exploit […]


Posted in Software Security Testing

 

Software security and the user interface

We had an internal discussion the other day about the pros and cons of connecting professionally with random folks. During that discussion a separate thread was started about how to hide who you are connected to from your other connections. The idea was that it is OK to connect with someone but not allow that […]


Posted in Software Security Testing, Web Application Security

 

Red teaming a holistic view of security

Software pervades our everyday lives: cellphones, tablets, fitness monitors, websites, networked home appliances, medical equipment, drones and automated vehicles. We expect software to work, often overlooking the need for the software running these systems to be secure. While we stress the importance of building security in throughout the SDLC, there are outside vehicles like rogue wireless […]


Posted in Mobile Application Security, Red Teaming, Software Development Life Cycle (SDLC), Software Security Testing