Software Integrity Blog

Author Archive

Taylor Armerding

tarmerding

Taylor Armerding is an award-winning journalist who left the declining field of mainstream newspapers in 2011 to write in the explosively expanding field of information security. He has previously written for CSO Online and the Sophos blog Naked Security. When he’s not writing he hikes, bikes, golfs, and plays bluegrass music. Follow him on Twitter @tarmerding2.


Posts by Taylor Armerding:

 

Is IoT a tool for Big Brother via DMCA?

What if it turns out that Big Brother is much more diverse, and a bit more subtle, than a monolithic figure at the head of an intrusive, tyrannical government? What if a component of an all-seeing, all-knowing dystopian overlord is our business sector—the companies that sell us our electronics, appliances, machines, cars, tools, and just […]

Posted in Internet of Things, Webinars

World Cup device hacking dangers, Apple malware, and VPNFilter updates

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? The FIFA World Cup overfloweth—with hackers, forgeries take a bite out of Apple security, and routing us to “Hackerville” (a VPNFilter update). Watch this […]

Posted in Data Breach, Weekly Security Mashup

Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? GitHub acquired by Microsoft, election insecurity persists, and the Ticketfly data breach. Play this week’s episode below: Microsoft has snapped up […]

Posted in Data Breach, Government Security, Open Source Security, Weekly Security Mashup

The IoT: Too big (and buggy) to patch?

The Internet of Things (IoT) will never be too big to fail, although it is hard to conceive of the entire thing failing at once, unless every power grid on the planet goes down simultaneously. But it is in danger of increasing incremental failure because it is too big to patch, according to author, encryption […]

Posted in Internet of Things

Digital license plates, GDPR risks and hackers, security bugs in AI robots

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? California puts a lot on your plate, the law of unintended consequences as it relates to GDPR risks, and porous pepper. Watch the entire […]

Posted in Internet of Things, Weekly Security Mashup

VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices. Learn more by watching the full episode below: New VPNFilter […]

Posted in Automotive Security, Internet of Things, Software Architecture and Design, Weekly Security Mashup

Open source security report, Serious XSS vulnerabilities, and ICS attack vectors

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. 41% of cyber-security apps contain high-risk open source vulnerabilities via Davey Winder, author – SC Magazine – The 2018 Open Source Security and Risk Analysis Report – the latest in a series of annual […]

Posted in Open Source Security, Software Security Initiative (SSI), Weekly Security Mashup

Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as […]

Posted in Software Architecture and Design

Examining Spectre and Meltdown attacks

As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]

Posted in Software Architecture and Design, Static Analysis (SAST)

SynAck ransomware, Spectre flaw updates, and patching

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode. SynAck ransomware implements Doppelgänging evasion technique via Robert Abel, content coordinator/contributor – SC Magazine – It’s getting tougher than ever to avoid becoming a ransomware “client.” Ransomware is obviously not new – it is […]

Posted in Weekly Security Mashup