Vulnerability Note VU#582497: Multiple Android applications fail to properly validate SSL certificates. Original Release date: 03 Sep 2014 | Last revised: 03 Sep 2014. Overview: Multiple Android applications fail to properly validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack.
ISC StormCast for Monday, April 14th 2014: http://isc.sans.edu/podcastdetail.html?id=3933 (Sun, Apr 13th)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Visualising Singapore’s mobile phone data with core.matrix
This book identifies the root causes of today’s most widespread software vulnerabilities, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.
“ZD Net had an article entitled “Kernel vulnerability places Samsung devices at risk” and I thought “so, what's new” until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness. Here are my arguments for why I think it's laziness: First, This is Samsung we're talking about here….”
“Cyber terrorism and espionage have been highlighted as growing threats to Australian organisations and government departments, according to a new annual report by the Australian Security Intelligence Organisation (ASIO). The Annual Report 2011-12, which was tabled in the federal parliament this week, found that ASIO completed more than 150,000 counter terrorism security assessments during the reporting period. Emerging technology and an Internet-connected world offer new avenues of espionage, read the report….”
“Are your customers, or more broadly 3rd parties, finding more bugs in your code than you are? Are your development organizations releasing code that has poor quality stamped all over it? Recently I saw a report that had this graphic in it, and my mind wandered a little….”
“Lately, this blog has been all abuzz with DevOps, cloud topics and enterprise resiliency. Today I wanted to take us back to where this blog started – App Security. Sometimes you hear someone say something so controversial it sounds ridiculous, and your first reaction is ridicule and dismissal…