A More Secure Architecture for Mobile
What do the latest Apple iPhone and many Samsung Galaxy Android phones have in common? Each runs two separate operating systems on a single phone. The application OS is the familiar iOS or Android OS. Users download their apps and … Read More
Qualys’ Approach to Disclosing Vulnerabilities
In November of 2014, Qualys found a severe bug in Linux’s libc. The gethostbyname routines were subject to buffer overflow. Qualys developed a proof of concept exploit that showed how a specially crafted email could let an attacker gain remote … Read More
The Challenge of Mobile App Security
For years, OWASP has published a Top Ten list of web application vulnerabilities. The list is a good place to start for organizations looking to improve the security of their applications.
With the rise of mobile, OWASP now publishes … Read More
Chill Out, Google Project Zero!
On October 13, 2014, Google notified Microsoft that they had found a security bug in their software. Google’s Project Zero gives vendors 90 days before publicly disclosing the bug. Microsoft fixed the bug, and asked Google for a bit more … Read More
Credit Card Numbers Considered Harmful
The PCI standard goes to great lengths to protect Personal Account Numbers (PANs), the numbers on our credit cards. And if you are breached and PAN data is stolen, the credit card companies can fine you. They can also require you … Read More