Application Security

Application Security news, information, and how-to advice

HP's ZDI discloses 4 new vulnerabilities in Internet Explorer

ZDI went public after extending the disclosure deadline twice with no fix forthcoming from Microsoft

Core Linux tools top list of most at-risk software

In a Core Infrastructure Initiative survey of at-risk software most in need of close attention, many fundamental Linux utilities sit at the top

Critical flaw in ESET products shows why spy groups are interested in antivirus programs

The flaw could allow attackers to fully compromise systems via websites, email, USB drives, and other methods

HP drops the hammer on unpatched IE11 vulnerability

Microsoft refuses to patch 32-bit Internet Explorer, so HP's Zero Day Initiative responds with full proof-of-concept code

Software applications have on average 24 vulnerabilities inherited from buggy components

Developers often unwittingly use components that contain flaws

Open source: Big benefits, big flaws

Open source is now a dominant force in IT, but experts warn that it can also make things risky and may not be for everyone

Macs in the office: Success breeds security FUD

By all means, secure your Macs -- but don't get taken for a ride when you do so

Find the right balance between security and usability

Make sure your security reduces the burden on users to the minimum required to get the security you truly need

URL-spoofing bug in Safari could enable phishing attacks

Researcher develops code that can trick Safari into showing a different URL in its address bar than the one currently loaded

Google tightens restrictions on Chrome extensions

Most extensions for Windows and Mac will have to be installed from Google's Web Store

Apple's OS X 'Rootpipe' patch flops, fails to fix flaw

Researcher finds 'trivial way' to exploit privilege escalation vulnerability after Apple tries to plug Yosemite hole

HTTPS snooping flaw affected 1,000 iOS apps with millions of users

Flaw in the third-party library AFNetworking broke HTTPS certificate validation, enabling man-in-the-middle attacks

Dropbox to pay security researchers for bugs

Dropbox, which has not set a maximum reward, joins the list of companies crowdsourcing parts of their security testing

Oracle to end publicly available security fixes for Java 7 this month

Users must sign long-term support deals or migrate to Java 8 to avoid 'enormous headache and disruption to millions of applications'

Black Duck's mission: To seek out insecure open source code in the enterprise

Black Duck Hub integrates with other tools to audit enterprise use of open source code for known vulnerabilities

IBM discloses vulnerability in Dropbox's Android SDK

The flaw allegedly affects popular Android apps like Microsoft Office Mobile, but Dropbox maintains its scope is limited

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Microsoft has issued five critical patches among its 14 updates for Windows, Internet Explorer, and Office

Flaw in popular Web analytics plug-in exposes WordPress sites to hacking

Attackers can easily crack cryptographic keys used by the WP-Slimstat plug-in and use them to read information from a site's database
