Reports

New Search Engine Wants To Be A Google For Code

Researchers at The University of Cambridge in the UK have created a Google-like search engine that can peer inside applications, analyzing their underlying code. The search tool, named “Rendezvous,” has applications for a number of problems. It could be used to help reverse engineer potentially malicious files, copyright enforcement or to find evidence of plagiarism within applications, according to a blog post by Ross Anderson, a Professor of Security Engineering at the Laboratory.   Rendezvous was unveiled in a seminar on Tuesday by Wei Ming Khoo, a doctoral student in the Security Group working at the University of Cambridge’s Computer Laboratory. The engine, which can be accessed here, allows users to submit an unknown binary, which is decompiled, parsed and compared against a library of code harvested from open source projects across the Internet. Code reuse has become a pressing security issue. The application security firm Veracode has named reused […]

Continue Reading

Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count  Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]

Continue Reading

The History Of Programming Languages – And Their Popularity

Our friends over at Veracode posted a great little infograph this week that explains the history of computer programming languages, starting with software development’s forefather foremother, the lovely Ada Lovelace, who is credited with developing the first programming language, an algorithm for a mechanical computer dubbed the Analytic Engine in 1883! The graphic describes the history of modern programming languages, including COBOL, FORTRAN and LISP in the 1950s and 60s, up to today’s dominant languages: Java, C and Objective-C. Check it out! Infographic by Veracode Application Security

Continue Reading

Application Security ‘Precrimes’ Report: SQL Injection, Crypto Hacks in 2013

We have plenty of industry-provided reports that tell us what happened in the past. The annual Verizon Databreach Investigations Report is due out any day, providing data on breaches investigated by that company’s incident response professionals, as well as information from law enforcement agencies around the world. And, with the first quarter gone, its safe to assume that similar reports will follow from Symantec and others.   But what about the threats for 2013? That’s where Veracode’s State of Software Security (SoSS) report comes in. Released to the public today, SoSS documents the kinds of software vulnerabilities that company found during 2012. And, where there are vulnerabilities, there will be attacks, Veracode CTO Chris Wysopal says. So what’s on tap for 2013? SQL injection attacks are likely to be one of the main attack types against web-based applications this year, as they were last year, Veracode says. That’s because SQL […]

Continue Reading

Home Invasion: Home Routers May Be The Next Big Hack

Most of us have broadband at home. It’s always there. It works and, for the most part, we don’t think about it until it goes down. Our amnesia extends to the humble home gateway or broadband router that is our connection to the global Internet. That piece of CPE (or customer-premises equipment) probably sits on our desk, or down in our basement gathering dust. Strong password? Meh. Firmware update? Hey, ‘if it ain’t broke…don’t fix it!” But all those small, insecure devices could add up to a major security crisis for users and their Internet Service Provider (ISP), according to researchers at the firm IOActive. Writing on the IOActive blog, researchers Ehab Hussein (@_obzy_) and Sofiane Taimat (@_sud0) say that millions of  vulnerable home routers and gateways are vulnerable to trivial attacks. Those devices could be harnessed by cyber criminal groups, state-backed actors or hacktivists for malware distribution, spam or […]

Continue Reading
1 146 147 148 149 150 152