Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:


Blast from the past: 15-year-old security hole hits websites

The httpoxy flaw, first disclosed 15 years ago, has resurfaced and potentially leaves server-side website software open to hijackers. In response, The Apache Software Foundation, Red Hat, Nginx and others have rushed to patch the httpoxy flaw, officially tracked as CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP Server; CVE-2016-5388 in Apache Tomcat; […]


Posted in Web Application Security

Software glitch affects Southwest Airlines flights

On Wednesday, technical problems with software disrupted nationwide travel for about three hours on Southwest Airlines. The Texas-based company confirmed the difficulties to USA Today. “We are now managing flight delays across our system,” the airline added in its statement from 4:40 p.m. ET. “We apologize to our customers whose travel plans are impacted. We […]


Posted in Software Architecture and Design

Oracle releases its largest security software update

On Tuesday, Oracle released a record 276 fixes for vulnerabilities across an array of its software. The July security advisory affects 84 products in total, including Fusion Middleware, MySQL, Java and Enterprise Manager software. Of the 276 vulnerabilities, at least 159 can be exploited remotely without authentication, most often over a vulnerable network and without […]


Posted in Software Architecture and Design, Web Application Security

Flaw in ASN.1 code library could impact every form of communications

A code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones, contains a flaw that makes it possible to eavesdrop on or disrupt entire networks. An advisory published Monday evening describes a flaw in the way most systems implement […]


Posted in Critical Infrastructure Security

Researcher finds theoretical way to stop auto hacking—By listening to clocks

A new detection system listens for normal CAN bus traffic and blocks nascent attacks in connected cars. A new paper from University of Michigan researchers Kyong-Tak Cho and Kang Shin proposes an easy-to-assemble tool they call the Clock-based Intrusion Detection System, or CIDS. The tool records the communications on a car’s internal network […]


Posted in Automotive Security

Former Google engineer launches blockchain-enabled OS for financial services

A former Google engineer has created an operating system for the financial services industry that uses a blockchain, the ledger technology introduced by Bitcoin. Known as Vault OS, the operating system creates a shared database in which participants can trace every transaction ever made. The ledger is both tamperproof and transparent. That means transactions can be […]


Posted in Financial Services Security

iPhone loss prompts HIPAA violation

The Office for Civil Rights (OCR), which oversees and enforces HIPAA, has fined the Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia $650,000 over the theft of an iPhone containing patient information. The data lost concerned the protected health information of 412 nursing home residents. OCR found that CHCS lacked the required risk analysis […]


Posted in Healthcare Security, Medical Device Security

Podcast: MISRA and software testing

Standards. Whether they are advisory or compulsory, standards developed for code development promote safety, quality, and security. This is especially important in life-critical industries such as automotive and medical. One example is MISRA C which provides software development guidelines for the C programming language. In this week’s podcast I talk with Nelson Tam, Product Marketing […]


Posted in Static Analysis (SAST)

iOS Pokemon GO has full access to your Google account (for now)

The developers of Pokemon GO, perhaps the number one game app in the world right now, admit their app has too much Google access on iOS devices. On Monday, security researcher Adam Reeve posted that iOS-based Pokemon GO players who used their existing Google email account to create a game account may have given the game full […]


Posted in Mobile Application Security, Software Architecture and Design

Android full-disk encryption flaw may have been previously known to Google

A vulnerability in the full disk encryption of Qualcomm-based Android smartphones may have been disclosed to Google more than one year prior to the patch issued last May. In […]


Posted in Mobile Application Security, Software Architecture and Design