Software Integrity Blog

Author Archive

Robert Vamosi


Posts by Robert Vamosi:

Mozilla Funds Effort to Find Next Heartbleed

A new program, Secure Open Source, aims to discover and remediate serious vulnerabilities in common open source software.

Posted in Open Source Security, Software Architecture and Design

Symantec announces anomaly detection for automotive

Maybe you’re not yet worried about a remote hacker disabling the brakes on your car, but anti-virus vendor Symantec has produced an anomaly detection system for automobiles that doesn’t require OEMs to install new hardware and claims to identify zero-day attacks.

Posted in Automotive Security

Podcast: Billy Rios on the good and the bad of Heartbleed, Part 1

Two years after its disclosure, the vulnerability in OpenSSL known as Heartbleed remains significant. There are valuable lessons still to be learned both about how the vulnerability was initially discovered and how the security community has responded over time.

Posted in Fuzz Testing, Internet of Things, Open Source Security

Researcher finds Mitsubishi Outlander can be remotely hacked

In response to new research, Mitsubishi is recommending that owners of its European Outlander model turn off the Wi-Fi system while it investigates potential vulnerabilities.

Posted in Automotive Security

Irongate attacks ICS Siemens Step 7 PLCs—Similar to Stuxnet

A new family of ICS-focused malware, dubbed Irongate, interferes with industrial processes running within a simulated Siemens control system environment.

Posted in General

How Distributed Weakness Filing might help MITRE’s CVE

Complaints about the current Common Vulnerabilities and Exposures (CVE) system from the MITRE organization have advanced a new community-powered Distributed Weakness Filing (DWF) system. DWF is available on GitHub.

Posted in Software Architecture and Design

Tesla pushing out “inert” software updates

Tesla owners are passively participating in a beta test of new self-driving software from the manufacturer.

Posted in Automotive Security

Maritime vessels new targets for cyber attacks

New research suggests that maritime vessels are under significant threat of cyber-attack because they were not designed with cyber security in mind and carry outdated software.

Posted in General

For want of a CVE: MITRE’s ongoing CVE backlog

At a security conference this week, researchers complained about the CVE backlog at MITRE, related to the organization’s handling of new vulnerabilities, and the difficulties of getting a CVE assigned.

Posted in Software Architecture and Design

Podcast: ISO 26262 compliance through software testing

Standards are, without a doubt, important in any industry. Swipe your credit card at the cash register, and behind the scenes there’s PCI DSS safeguarding how the credit card information is processed and stored. For wireless communications, there’s IEEE 802. And for the automotive industry, there’s ISO 26262, a standard which covers electronic systems in automobiles and road vehicles.

Posted in Security Standards and Compliance