Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Bangladesh Bank security breach prompts U.S. probe

The SWIFT secure financial messaging system is under U.S. government scrutiny after last week’s disclosure of the theft of millions from a Bangladesh Central Bank account at the Federal Reserve Bank of New York. Although smaller transfers between the Bangladesh bank and the Federal Reserve did go through, a large transfer of between $850 million and $870 million was stopped at an intermediary bank, Deutsche Bank, which noticed a typographical error within the request. Now U.S. Congresswoman Carolyn Maloney (D-New York) is requesting an investigation into how large foreign financial transfers should be conducted.

Posted in Data Breach, Financial Services Security

Uber wants you to find its software flaws

The ride-sharing company Uber today released a technical map of its computer and communications systems, along with an invitation to security researchers to help secure its software. According to the Reuters News Service, Uber has released a “treasure map” of its software infrastructure, identifying what sorts of data might be exposed inadvertently and suggesting what types of flaws are the most likely to be found. A list on HackerOne enumerates what is and what is not a valid vulnerability.

Posted in Automotive Security

Apple iMessage vulnerability patched in iOS 9.3

Communications via Apple’s popular iMessage are vulnerable to a software flaw that could allow attackers to decrypt a photo stored on the company’s iCloud backup system, according to Matthew D. Green, a computer science professor at Johns Hopkins University. Green led the research team that found the bug in Apple’s encryption, which would enable an attacker to decrypt photos and videos sent as secure instant messages. It would not, according to WashingtonPost.com, allow an attacker to decrypt an entire iPhone, however.

Posted in Mobile Application Security

VMware patches XSS flaws

A security advisory posted by VMware warns of two “important” vulnerabilities found within the VMware vRealize Automation and VMware vRealize Business Advanced and Enterprise software platforms. The flaws, the company said, could lead to the compromise of user workstations. Both are cross-site scripting (XSS) issues.

Posted in Software Architecture and Design

Adobe Flash flaw compromises ‘kid-friendly’ tablet

It’s a familiar story: A newly disclosed software flaw could allow a remote hacker to follow a user’s online activity, activate the built-in microphone, and take pictures using the front-facing camera on the device. The problem in this case is that the device is a kid’s toy from LeapFrog.

Posted in Internet of Things

Big banks as security vendors

Stung by early data breaches, some big banks have been quietly developing their own software products to protect their global assets.

Posted in Financial Services Security

Typo halts billion dollar bank theft

Criminal hackers looking to steal roughly a billion dollars from a bank in Bangladesh were stopped by a common mistake: a spelling error. Although smaller transfers between the Bangladesh central bank and the Federal Reserve Bank of New York did go through, a large transfer of between $850 million and $870 million was stopped at an intermediary bank, Deutsche Bank, which noticed the error. Some of the money was intended for a possibly fictitious non-profit organization, the Shalika Foundation. On the transfer request the criminal hackers misspelled foundation as “fandation,” which prompted Deutsche Bank to review that and other recent transactions from Bangladesh.

Posted in Financial Services Security

Smart home, dumb software mistake

Over the weekend, Hive, an automated home thermostat system run by British Gas, suffered a glitch, causing dozens of customers to boil with rage – literally.

Posted in Internet of Things

U.S. to re-negotiate Wassenaar Arrangement

After six months of feedback from the US security community, the United States said on Tuesday it would re-negotiate the Wassenaar Arrangement, particularly the part covering hacking and surveillance technology, that is, cybersecurity. In a letter made public by the White House to the Associated Press on Tuesday, Caroline Tess, the National Security Council’s Senior Director for Legislative Affairs, said that “keeping these technologies from illegitimate actors must not come at the expense of legitimate cybersecurity activities.”

Posted in General

New OpenSSL flaws to be patched

On Tuesday, the first day of RSA 2016, the OpenSSL project will release updates, specifically versions 1.0.2g and 1.0.1s. All that is known is that the organization ranks these at a maximum severity of “high”. According to the OpenSSL security policy, “high” covers issues that are of lower risk than critical, perhaps because they affect less common configurations or are less likely to be exploitable.

Posted in Open Source Security