A More Secure Architecture for Mobile

What do the latest Apple iPhone and many Samsung Galaxy Android phones have in common?  Each runs two separate operating systems on a single phone.  The application OS is the familiar iOS or Android OS.  Users download their apps and … Read More

Qualys’ Approach to Disclosing Vulnerabilities

In November of 2014, Qualys found a severe bug in Linux’s libc.  The gethostbyname routines were subject to buffer overflow.  Qualys developed a proof of concept exploit that showed how a specially crafted email could let an attacker gain remote … Read More

The Challenge of Mobile App Security

For years, OWASP has published a Top Ten list of web application vulnerabilities.  The list is a good place to start for organizations looking to improve the security of their applications.

With the rise of mobile, OWASP now publishes … Read More

Chill Out, Google Project Zero!

On October 13, 2014, Google notified Microsoft that they had found a security bug in their software. Google’s Project Zero gives vendors 90 days before publicly disclosing the bug.  Microsoft fixed the bug, and asked Google for a bit more … Read More

Credit Card Numbers Considered Harmful

The PCI standard goes to great lengths to protect Personal Account Numbers (PANs), the numbers on our credit cards.  And if you are breached and PAN data is stolen, the credit card companies can fine you.  They can also require you … Read More