Post Tagged with: "Facebook"

Update: Superfish is the Real End of SSL

February 23, 2015 12:01, 0 comments

In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)


At Summit, in search of Leadership on Cyber Security

February 13, 2015 10:53, 0 comments
The President will address an audience of Silicon Valley executives Friday at a Summit focused on improving cyber security.

In-brief: President Obama will address technology leaders at a Summit at Stanford University on Friday. But technology industry leaders say that much hinges on Washington’s ability to pass needed legal reforms.


In Smart TV Land, Eavesdropping is Nothing New

February 9, 2015 11:45, 0 comments
Terms of service for many smart TVs require omnibus data harvesting, including of voice data.

In-brief: Samsung isn’t alone in asking customers to consent to the collection and transmission of “voice data.” But questions about the ethics and legality of the practice remain.


Update: Facebook awards $50K Internet Defense Prize for Work on Securing Web Apps

August 21, 2014 12:32, comments off
A vulnerability that could leave Facebook accounts vulnerable to hijacking is widespread and still dangerous, despite reports that it was "patched" last week.

Saying that research dollars for cyber security are disproportionately devoted to work on “offensive” techniques (like hacking), social media giant Facebook has awarded two researchers a $50,000 prize for their work on cyber defense. The company announced on Wednesday that Johannes Dahse and Thorsten Holz, both of Ruhr-Universität Bochum in Germany, received the prize for their work on a method for making software less prone to being hacked. The two developed a method for detecting so-called “second-order” vulnerabilities in Web applications using automated static code analysis. Their paper (PDF here) was presented at the 23rd USENIX Security Symposium in San Diego. In a blog post announcing the prize, John Flynn, a security engineering manager at Facebook, said the Internet Defense Prize recognizes “superior quality research that combines a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.” Dahse and Holz’s work was chosen by a panel […]


Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?

May 30, 2014 15:46, comments off
Goodman says defense in depth tactics can mitigate even unpredictable security blow-ups like the Heartbleed OpenSSL vulnerability. (Image courtesy of DUO Security)

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted, we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]
