Software Integrity

Archive for February 2015

 

Software security sees a ghost

In early February, the software security industry saw a ghost. A previously overlooked flaw in Linux’s GNU C Library (glibc) was uncovered as a critical vulnerability that can be triggered by the “GetHOST” function (hence, the name “Ghost”). While this Ghost vulnerability is no otherworldly apparition, it still strikes fear in the hearts of organizations […]

Posted in Open Source Security, Software Security Testing, Vulnerability Assessment

 

5 tips to get started in the information security industry

Step 1: Become your own champion. If you have access to a local technology or engineering association at your school or in your community, get involved. Many state and private universities offer online courses geared towards these fields, and some even provide more technical tracks for those with added experience. Once you’ve found a community […]

Posted in Application Security, Security Conference or Event, Security Training, Web Application Security

 

What is MEMSCAN and how to use it

What is MEMSCAN? A Synopsys consultant, Grant Douglas, recently created a utility called MEMSCAN which enables users to dump the memory contents of a given iPhone app. Dumping the memory contents of a process proves to be a useful technique in identifying keys and credentials in memory. Using the utility, users are able to recover […]

Posted in Mobile Application Security, Vulnerability Assessment

 

Breach in healthcare data: One step too far

I am a victim. One of every nine of you is also a victim. I am an Anthem customer, and according to CSO: “one in nine Americans have medical coverage through one of Anthem’s affiliated plans” (CSO, “Anthem: How does a breach like this happen?”, Steve Ragan). It is not just the scope of the […]

Posted in Data Breach, Healthcare Security, Insurance Provider Security

 

Striking the balance: App security features and usability

Last week, I installed a new app from the Google Play store onto an Android device. While the app was downloading and installing, I took a look at a few of the user reviews and found their contents interesting. Four of the top 10 comments were both negative and related to security. The comments have […]

Posted in Application Security, Mobile Application Security

 

8 IT leaders react to news of the Anthem healthcare data breach

On Thursday, February 5, 2015, the world woke to learn of the largest healthcare data breach to date. Approximately 80 million records were accessed and those records contained the following details: name, birthday, social security number, email and phone. In this story on Becker’s Health IT & CIO Review, eight security experts share their perspective […]

Posted in Data Breach, Healthcare Security

 

Build software security in. Don’t rely on a tower defense strategy

Too many firms treat software security as a “tower defense” game: when they lose to the attackers, they try to figure out how those attackers “got in” (often hiring a firm like Mandiant) and then they try to build their IT “walls” better. It is tempting to let the bad guy throw rocks at that […]

Posted in Software Security Testing, Threat Modeling

 

The role of randomness in online gambling

Synopsys has long certified the random number generators (RNGs) for online gaming sites. The role of random numbers in online gaming is simultaneously critical to the game’s integrity and poorly understood by most players. In this article we will take a look at the role of randomness, what certification can and cannot tell you about […]

Posted in Code Review