Application Security - Infoworld http://www.infoworld.com/t/2098 en

Obama backs disclosing software vulnerabilities in most cases http://www.infoworld.com/d/security/obama-backs-disclosing-software-vulnerabilities-in-most-cases-240404?source=rss_application_security <p>The administration of U.S. President Barack Obama favors disclosing to the public vulnerabilities in commercial and open source software in the national interest, unless there is a national security or law enforcement need, the country's spy agency said.</p> Security The Industry Standard Application Security Vulnerability Assessment Government Mon, 14 Apr 2014 12:21:26 +0000 admin 240404 at http://www.infoworld.com

Google amps up fight against malicious apps with enhanced Android security http://www.infoworld.com/d/mobile-technology/google-amps-fight-against-malicious-apps-enhanced-android-security-240283?source=rss_application_security <p>Google is boosting Android security safeguards to better detect potentially harmful apps throughout their life cycle.</p> <p>The security enhancement, announced Thursday, is designed to continually check Android devices to detect vulnerabilities in apps that could be introduced at any time. Previously, malicious apps downloaded outside of Google Play could only be flagged at the time of installation.</p> Mobile Technology Security Google Android Application Security Mobile Security Vulnerability Assessment Fri, 11 Apr 2014 11:27:11 +0000 admin 240283 at http://www.infoworld.com

Apple patches Safari's Pwn2Own vulnerability, two-dozen other critical bugs http://www.infoworld.com/d/security/apple-patches-safaris-pwn2own-vulnerability-two-dozen-other-critical-bugs-239630?source=rss_application_security <p>Apple on Tuesday patched the security vulnerability in Safari that was successfully exploited at last month's Pwn2Own hacking contest, where a team cracked the browser to win $65,000.</p> <p>The Cupertino, Calif.
company seeded <a href="http://support.apple.com/kb/HT6181" target="_blank">updates</a> for both Safari 6 and Safari 7 yesterday, promoting the former to version 6.1.3 and the latter to 7.0.3.</p> Security Apple Application Security Mac Software Patch Management Web Browsers Wed, 02 Apr 2014 11:59:33 +0000 admin 239630 at http://www.infoworld.com

Protect your source code before it's too late http://www.infoworld.com/d/security/protect-your-source-code-its-too-late-239537?source=rss_application_security <p>It's one of the great computer security lessons.</p> Security Application Security Hacking Insider Threats Security Tue, 01 Apr 2014 10:00:00 +0000 Roger A. Grimes 239537 at http://www.infoworld.com

Microsoft's KB 2953095 Word security hole is part of ongoing embarrassment http://www.infoworld.com/t/microsoft-windows/microsofts-kb-2953095-word-security-hole-part-of-ongoing-embarrassment-239026?source=rss_application_security <p>Earlier this year, three researchers at Google told Microsoft about yet another RTF rendering security hole in Word.
Microsoft Windows Microsoft Microsoft Windows Application Security Office Software Tue, 25 Mar 2014 11:55:04 +0000 InfoWorld Tech Watch 239026 at http://www.infoworld.com

Microsoft warns Word users of ongoing attacks exploiting unpatched bug http://www.infoworld.com/d/security/microsoft-warns-word-users-of-ongoing-attacks-exploiting-unpatched-bug-239001?source=rss_application_security <p>Microsoft on Monday warned users of Word 2010 that in-the-wild attacks are exploiting an unpatched vulnerability in the software. The company also published an automated tool to protect customers until it issues a patch.</p> Security Microsoft Microsoft Office Application Security Office Software Tue, 25 Mar 2014 11:10:21 +0000 admin 239001 at http://www.infoworld.com

Major SSL flaw found in iOS, OS X http://www.infoworld.com/d/security/major-ssl-flaw-found-in-ios-os-x-236889?source=rss_application_security <p>Security researchers revealed late Friday that iOS's validation of SSL encryption had a coding error that bypassed a key validation step in the Web protocol for secure communications. As a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted, potentially exposing user passwords, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Secured Wi-Fi networks, such as home and business networks with encryption enabled, are not affected.</p> Applications Mobile Technology Security Apple Mac OS X Application Security iOS Encryption Hacking Web Browsers Sun, 23 Feb 2014 03:00:48 +0000 Galen Gruman 236889 at http://www.infoworld.com

How to rethink security for the new world of IT http://www.infoworld.com/d/security/how-rethink-security-the-new-world-of-it-236329?source=rss_application_security <p>"We shall fight on the beaches. We shall fight on the landing grounds. We shall fight in the fields and in the streets. We shall fight in the hills.
We shall never surrender," said Winston Churchill in his famous June 1940 speech in the face of Nazi attacks on England. His earlier commitment to the goal of victory, "however long and hard the road may be," is an apt analogy to the security battles that enterprises face.</p> Consumerization of IT Data Management Security IT Management Application Security Data Loss Prevention Data Security Endpoint Protection Hacking IDG Insider Wed, 19 Feb 2014 11:00:00 +0000 Galen Gruman 236329 at http://www.infoworld.com

Google expands bug bounty program, ups Patch program rewards http://www.infoworld.com/d/security/google-expands-bug-bounty-program-ups-patch-program-rewards-235749?source=rss_application_security <p>Google is broadening its bug bounty program for security researchers to encompass all Chrome apps and extensions made by the company. It's also upping payments for its Patch Rewards Program, focused on improvements for open-source code.</p> <p>The company <a href="http://www.google.com/about/appsecurity/reward-program/" target="_blank">pays</a> independent researchers for finding problems such as cross-site scripting flaws, SQL injection or authentication problems under its Vulnerability Reward Program, which started in November 2010.</p> Security Google Google Chrome Application Testing Application Security Wed, 05 Feb 2014 12:53:54 +0000 admin 235749 at http://www.infoworld.com

Google tackles top security complaint among Chrome users http://www.infoworld.com/d/applications/google-tackles-top-security-complaint-among-chrome-users-235627?source=rss_application_security <p>Google is bolstering its defenses against what it says is the number one complaint among Chrome users, the hijacking of browser settings by malicious code hidden in free downloads such as screensavers, games and video plugins.</p> <p>The company is enhancing the Chrome feature that enables users to reset their browser settings to their original defaults in order to remove all malicious plugins
and apps. Besides providing the reset option, Google will also alert users when browser settings have been changed and provide the option of one-click reset.</p> Applications Security Google Google Chrome Application Security Malware Web Browsers Tue, 04 Feb 2014 16:18:37 +0000 admin 235627 at http://www.infoworld.com

GitHub bug bounties: Smaller, more focused is better http://www.infoworld.com/d/security/github-bug-bounties-smaller-more-focused-better-235471?source=rss_application_security <p>With Microsoft, Google, and Facebook now all <a href="http://www.infoworld.com/d/security/microsoft-google-and-facebook-team-new-bug-bounty-program-230396">offering bug bounty programs</a> to reward the responsible disclosure of vulnerabili Open Source Software Security GitHub Application Testing Application Security Fri, 31 Jan 2014 17:31:37 +0000 InfoWorld Tech Watch 235471 at http://www.infoworld.com

Java's encrypted communications no panacea for security problems http://www.infoworld.com/t/java-programming/javas-encrypted-communications-no-panacea-security-problems-235314?source=rss_application_security <p>The next version of standard Java, <a href="http://www.infoworld.com/t/java-programming/full-speed-ahead-oracle-ship-java-8-in-march-even-bugs-234091">due in
mid-March</a>, will have Transport Level Security (TLS) 1.2 set by default, t</p> Application Development Oracle Application Security Java Programming Encryption Thu, 30 Jan 2014 14:53:21 +0000 InfoWorld Tech Watch 235314 at http://www.infoworld.com

Book smart, security stupid: Rogue professors flunk Security 101 http://www.infoworld.com/t/it-jobs/book-smart-security-stupid-rogue-professors-flunk-security-101-235176?source=rss_application_security <p>If anyone wants to study human nature, they should tag along with IT pros for a few days. We see it all, the many shades of good and bad.</p> your IT tales Access Control IT Jobs IT Management IT Training Application Security Tech Support Identity Management Wed, 29 Jan 2014 11:00:00 +0000 Anonymous 235176 at http://www.infoworld.com

Patching has failed, so it's time for Java to go http://www.infoworld.com/d/security/patching-has-failed-so-its-time-java-go-234709?source=rss_application_security <p>When Cisco released its 2014 Annual Security Report last week, we were told that 91 percent of all successful Web exploits involve Oracle Java JRE -- and 76 percent of those Java users are running an unsupported version.
Security Application Security Java Programming Security Wed, 22 Jan 2014 11:00:00 +0000 Roger A. Grimes 234709 at http://www.infoworld.com

Java's security dilemma: Old, vulnerable versions won't go away http://www.infoworld.com/t/java-programming/javas-security-dilemma-old-vulnerable-versions-wont-go-away-234554?source=rss_application_security <p>Users of Java are caught between a rock and a hard place. They often need an older version of Java to run their applications, but those aged releases are susceptible to security breaches, which have plagued Java in recent years. Application Development Security Application Security Java Programming Patch Management Tue, 21 Jan 2014 11:00:00 +0000 InfoWorld Tech Watch 234554 at http://www.infoworld.com

Worm targeting Apache Tomcat servers, possibly for DDoS http://www.infoworld.com/d/security/worm-targeting-apache-tomcat-servers-possibly-ddos-231363?source=rss_application_security <p>A worm-like type of malicious software has been found targeting Apache Tomcat, an open-source Web server application, according to Symantec.</p> <p>The malware, which Symantec calls "Java.Tomdep," differs from other server malware in that it's not written in the PHP scripting language, wrote Takashi Katsuki in a <a href="http://www.symantec.com/connect/blogs/all-your-tomcat-are-belong-bad-guys" target="_blank">blog post</a>.</p> Applications Open Source Software Security Apache Application Servers Application Security Hacking Open Source Software Malware Web Applications Thu, 21 Nov 2013 12:51:11 +0000 admin 231363 at http://www.infoworld.com

HP: 90 percent of Apple iOS mobile apps show
security vulnerabilities http://www.infoworld.com/d/mobile-technology/hp-90-percent-of-apple-ios-mobile-apps-show-security-vulnerabilities-231089?source=rss_application_security <p>HP today said security testing it conducted on more than 2,000 Apple iOS mobile apps developed for commercial use by some 600 large companies in 50 countries showed that nine out of 10 had serious vulnerabilities.</p> Mobile Technology Security Apple Application Security iOS Mobile Apps Mobile Security Vulnerability Assessment Mon, 18 Nov 2013 18:46:56 +0000 admin 231089 at http://www.infoworld.com

Google fixes Chrome vulnerabilities exploited at Pwn2Own hacking contest http://www.infoworld.com/d/security/google-fixes-chrome-vulnerabilities-exploited-pwn2own-hacking-contest-230948?source=rss_application_security <p>Google released emergency security updates for Chrome in order to patch critical vulnerabilities demonstrated Thursday by a security researcher at the Mobile Pwn2Own hacking competition.</p> <p>The vulnerabilities <a href="http://www.pcworld.com/article/2063560/researchers-hack-internet-explorer-11-and-chrome-at-mobile-pwn2own.html" target="_blank">were exploited by a security researcher who uses the pseudonym Pinkie Pie</a> to achieve arbitrary code execution on a Nexus 4 and a Samsung Galaxy S4 device, earning him a prize of $50,000 in the contest.</p> Applications Security Google Google Chrome Application Security Mobile Apps Mobile Security Hacking Patch Management Web Browsers Vulnerability Assessment Fri, 15 Nov 2013 13:47:22 +0000 admin 230948 at http://www.infoworld.com

Microsoft, Google, and Facebook team up on new bug bounty program http://www.infoworld.com/d/security/microsoft-google-and-facebook-team-new-bug-bounty-program-230396?source=rss_application_security <p>A new bug bounty program sponsored by Microsoft and Facebook will reward security researchers for finding and reporting vulnerabilities in widely used software that have the potential to affect a large
number of Internet users.</p> <p>The program will be run by a panel of researchers from Facebook, Google, Microsoft, and several other companies who helped manage or participated in other security bounty programs over the years.</p> Security Facebook Google Microsoft Application Security Vulnerability Assessment Thu, 07 Nov 2013 13:05:25 +0000 admin 230396 at http://www.infoworld.com

Deciphering Microsoft Security Advisory 2896666 on Word zero-day exploit http://www.infoworld.com/t/office-software/deciphering-microsoft-security-advisory-2896666-word-zero-day-exploit-230312?source=rss_application_security <p>If you've tried to wade through <a href="http://technet.microsoft.com/en-us/security/advisory/2896666" target="_blank">Security Advisory 2896666</a>, you're probably ready to tear your hair out. Applications Microsoft Windows Security Microsoft Microsoft Office Application Security Office Software Malware Vulnerability Assessment Wed, 06 Nov 2013 12:12:37 +0000 InfoWorld Tech Watch 230312 at http://www.infoworld.com