Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:


FCC to investigate SS7 mobile phone vulnerabilities

On Wednesday, the Federal Communications Commission (FCC) announced it would investigate cellular carriers' use of legacy mobile phone technology that is vulnerable to attack. The global mobile signaling network known as Signaling System No. 7, or SS7, is known to be vulnerable to remote attacks that allow others to eavesdrop on phone calls anywhere in the […]

Posted in Mobile Application Security

Podcast: Securing the supply chain through procurement language, Part 1

Procurement language in software is the concept of holding someone contractually liable for the statements they make about the quality, reliability, and—most of all—security of the software they are providing. Many industries have specific hardware procurement requirements for parts introduced into their supply chains, but what about software? Until recently, there has not been real pressure […]

Posted in Critical Infrastructure Security, Medical Device Security

PCI DSS v3.2 to require more software testing

The PCI Security Standards Council (SSC) will soon release version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS), and, based on a preview, it is expected to require more testing of payment system software. At the end of April, the standards council will publish an overview of 3.2 with a timeline […]

Posted in Security Standards and Compliance

School libraries vulnerable to ransomware

Over 3 million Internet-accessible servers, including those used in school libraries, are vulnerable to a new strain of ransomware that encrypts data on servers until a fee, usually in bitcoin, is paid, according to a Talos blog post from Cisco. On Friday, researchers reported several new JBoss vectors identified with the spread of the SamSam malware […]

Posted in Uncategorized

Connected trucks could pave the way for autonomous cars

On Thursday, representatives from the Netherlands will meet with the EU in Rotterdam to define potential changes to legislation to make self-driving cars a reality in Europe. This comes at the end of a successful trial where a platoon of trucks was connected over Wi-Fi, with the first vehicle determining the speed and route of […]

Posted in Automotive Security

Report finds criminal use of zero days doubled in 2015

The latest edition of the Symantec Internet Security Threat Report finds that the use of zero days, software flaws previously unknown to the software vendor, doubled in 2015 over the previous year. That’s a 125 percent increase from the year before. Or, as Symantec phrased it on their web site, that’s a new zero-day vulnerability […]

Posted in Software Architecture and Design

Open Source Vulnerability Database suspends operation

The Open Source Vulnerability Database is no more. “We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form,” the organizers wrote in a blog post. “This was not an easy decision, and several of us struggled for well over ten years trying to […]

Posted in Open Source Security, Software Architecture and Design

Toyota working with Microsoft Azure on new connected services

Toyota announced it will expand its five-year-old partnership with Microsoft. In a blog published Monday, Microsoft said the intent is for Toyota to create new internet-connected vehicle services for owners and dealers. “We’ve all been talking about big data for a long time, but we are at a unique point in history where the technology […]

Posted in Automotive Security

Podcast: Rauli Kaksonen on discovering Heartbleed

It’s been two years since a critical vulnerability, CVE-2014-0160, better known as Heartbleed, was first disclosed. The flaw, found in certain older versions of OpenSSL, lay in the improper handling of Heartbeat Extension packets; the heartbeat protocol is used to confirm that the other machine in a transaction is still present, in this case the encrypted session between a client and a […]

Posted in Open Source Security, Software Architecture and Design

2 years later, 200K+ IP addresses remain vulnerable to Heartbleed

The numbers aren’t impressive. In the first month after the Heartbleed vulnerability was disclosed in April 2014, nearly 300,000 IP addresses patched their systems. But over the course of the next 22 months, only one-third of the remaining vulnerable systems were patched. That means roughly 200,000 systems remain vulnerable worldwide today. Heartbleed is an SSL/TLS […]

Posted in Open Source Security, Web Application Security