Web App Security

  • Most Topular Stories

  • Improving Malware Detection in Firefox

    Mozilla Security Blog
    Sid Stamm
    23 Jul 2014 | 5:01 pm
    We are always looking for ways to help protect people better from the constant threat of malicious software. For years Firefox has utilized Google’s Safe Browsing phishing and malware protection to help keep you from accidentally visiting dangerous sites. This protection feature works by checking the sites that you visit against lists that Firefox downloads of reported phishing and malware sites. (For more details, check out this page.) Firefox is about to get safer. Until recently, we only had access to lists of reported malicious web sites, now the Safe Browsing service monitors…
  • First-Time DEF CON Attendee? Watch This

    Liquidmatrix Security Digest
    Bill Brenner
    25 Jul 2014 | 4:28 am
    If you haven’t seen it yet, I highly recommend the DEF CON documentary that came out last year. For nearly two hours, you get a detailed history of the event and get a pretty good introduction to the major players who make the whole thing work. If you’re going for the first time, the documentary, directed by Jason Scott Sadofsky, is must-viewing. The post First-Time DEF CON Attendee? Watch This appeared first on Liquidmatrix Security Digest.
  • Dissecting the CVE-2013-2460 Java Exploit

    Zscaler Research
    Sameer Patil
    28 Jul 2014 | 3:43 am
    Introduction In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable “invoke” method of the “sun.tracing.ProviderSkeleton” class is used to issue calls to the Class.forName() method for loading internal restricted classes and methods. Vulnerability Exploitation
  • Building Firefox Hub Add-ons for Firefox for Android

    Mozilla Hacks - the Web developer blog
    Margaret Leibovic
    24 Jul 2014 | 8:45 am
    The Firefox Hub APIs allow add-ons to add new panels to the Firefox for Android home page, where users normally find their top sites, bookmarks and history. These APIs were introduced in Firefox 30, but there are more features and bug fixes in Firefox 31 and 32. You can already find some of these add-ons on addons.mozilla.org, and there is some boilerplate code on github to help you get started. Overview There are two main parts to building a Firefox Hub add-on: creating a home panel, and storing data to show in that panel. Home panels consist of different views, each of which displays data…
  • Stoned Bitcoin: My Analysis Tools

    Didier Stevens
    Didier Stevens
    23 Jul 2014 | 5:00 pm
    The most interesting thing about Stoned Bitcoin for me, was to work out a method to find these Bitcoin transactions. When this was mentioned on Twitter, I did a string search through the Bitcoin blockchain for string STONED: no hits. Some time later I used my find-file-in-file tool. I got a copy of the Stoned Virus (md5 74A6DBB7A60915FE2111E580ACDEEAB7) and searched through the blockchain: again, no hits. Although this means the blockchain doesn’t contain the start bytes of the Stoned Virus, it could still contain other parts of the virus. So I randomly selected a sequence of bytes from…

    Mozilla Security Blog

  • June is Internet Safety Month!

    Sid Stamm
    2 Jun 2014 | 8:28 am
    Happy Internet Safety Month, everyone! In today’s world it is more critical than ever to be aware of security risks online. High-profile and broad attacks made news quite a bit in the last year. From the Heartbleed vulnerability to spikes in credit card theft and fraud, buzz about online privacy and security is on the rise. Even the White House has turned attention to cybersecurity. The Ponemon Institute estimates 47% of Americans have had their personal information compromised! So now is a great time to do some routine maintenance this month and beef up your safety: Download a secure…
  • Introducing Mozilla Winter of Security 2014

    Curtis Koenig
    15 May 2014 | 6:14 am
    At Mozilla, we have a loosely formed group called Security Automation, where people who build security tools can meet, exchange ideas, and show their work. We build projects around applications and operations security. Some of the things we’ve worked on include ZAP, Zest, Plug’n’Hack, Minion, MIG, Mozdef, ScanJS or Cipherscan. And, as you would expect from Mozilla, our work is public for all to see, use, and contribute to. In the past, students requested to work on some of these projects. One trend we’ve seen is that many students are looking for real world projects to sink their…
  • Checking Compliance Status with Updated CA Certificate Policy

    kwilson
    13 May 2014 | 3:27 pm
    In early 2013 Mozilla released version 2.1 of Mozilla’s CA Certificate Policy, which added a requirement for either the technical constraint or the audit of subordinate CA certificates, and requires CAs who issue SSL certificates to comply with the CA/Browser Forum Baseline Requirements. Then, in July, we updated Mozilla’s CA Certificate Enforcement Policy to make it clear that Mozilla will not tolerate misuse of publicly trusted certificates. CAs were given a grace period of just over one year to comply with the changes introduced in version 2.1 of the policy. So, today we sent an…
  • Hack in the Box HackWeekDay 2014

    Paul Theriault
    29 Apr 2014 | 3:02 am
    The Mozilla security team is proud to be once again sponsoring the Hack-in-the-Box HackWeekDay competition, this time at the Haxpo conference in Amsterdam, 28-30 May 2014. Come learn about Firefox OS, make apps to compete for great prizes and help shape the future of the mobile web. This HackWeekDay event is the biggest yet, and will actually be run over the course of three separate days. There will be daily prizes, and you can compete in as many days as you want: Day 1: Firefox OS Homescreen & WebRTC applications; Day 2: Facebook Social/Parse APIs applications; Day 3: Combined app hacking…
 

    Liquidmatrix Security Digest

  • BH, DefCon, BSidesLV Primer

    Bill Brenner
    18 Jul 2014 | 4:31 am
    Many security professionals are making plans for a week in Las Vegas early next month for three big InfoSec conferences: Black Hat, Defcon and BSidesLV. I’ve been going for years and am familiar with what to expect and how to make the best use of my time there.  If you’re a first-time attendee, however, the experience can be overwhelming. For that reason, each year I put together a survival guide of sorts. Here’s your primer for 2014: Tip 1: Don’t let the noise get to you Black Hat and DEF CON in particular are noisy events. The vendors, in an effort to really fit…
  • Liquidmatrix Security Digest Podcast – Episode 3F

    James Arlen
    17 Jul 2014 | 8:15 am
    Episode 0x3F Last one before Summer Security Camp Pretty much everyone is drowning under piles of wtf and omfg diaf. But we promised you we’d be back and this time we’re pretending we care. Upcoming this week… Lots of News Breaches SCADA / Cyber, cyber… etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs – no arguing or discussion allowed And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at…
  • What The Hell Just Happened Here?

    Bill Brenner
    12 Jul 2014 | 9:38 am
    I never could keep my mouth shut. When a conversation is going on, I can’t just mind my business and focus on the work at hand. I have to be the man at the table who injects quips into the discussion; the guy who thinks he’s not contributing properly unless he pontificates, no matter how ridiculous his words are. That was the scenario Friday when some of us Akamites (Akamai employees) were talking about the content for a new site in the works. I noted that while I love the daily blogging in The Akamai Security Blog and am grateful that I have another forum – The OCD…
  • Bill Brenner Is Joining Liquidmatrix

    Dave Lewis
    11 Jul 2014 | 1:41 pm
    Fresh from the “why the hell didn’t I think of this years ago” files we have some news. Bill Brenner is joining Liquidmatrix! It will be nice to actually have someone writing again. Hint hint. (looking at the crew…myself included) Nothing like a comment made in passing to develop into a cool idea. Years ago Bill was the first media person to interview me for…well, any publication. In the intervening years I have learned that he was a consummate professional and remains so to this day (That’ll be $100 Bill). Now that we both work for the same company, Akamai Technologies, we chat…

    Zscaler Research

  • De-obfuscating the DOM based JavaScript obfuscation found in EK’s such as Fiesta and Rig

    Pradeep Kulkarni
    23 Jul 2014 | 12:07 am
    There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as ‘Fiesta’ and ‘Rig’ for example, have been found to be using DOM based JavaScript obfuscation. In
  • Mobile App Wall of Shame: CNN App for iPhone

    viral
    21 Jul 2014 | 11:06 am
    Price: Free Category: News Updated: Jul 11, 2014 Version: Version 2.30 (Build 4948) Size: 21.8 MB Language: English Vendor: CNN Interactive Group, Inc. Operating System: iOS Background iReport account setting The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165
  • The “Forbidden” Apple: App Stores and the Illusion of Control Part I

    viral
    15 Jul 2014 | 5:59 am
    There is no doubt we truly live in an “App Economy.” From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friend's activities, few think about the “App Dichotomy”– The fact that we are at least as much the consumed, as we are the consumer. This is the first in a pair of blogs that
  • And the mice will “Play”…: App Stores and the Illusion of Control Part II

    viral
    15 Jul 2014 | 5:59 am
    In the last blog, we began analyzing what we’ve termed the “App Dichotomy” of the App Economy – The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple’s App Store and Google Play to determine how permissive developers have tried to be, and the security and privacy risks we accept when we download them to our smartphones. 
 

    Mozilla Hacks - the Web developer blog

  • Resources for HTML5 game developers

    Jason Weathersby
    22 Jul 2014 | 7:58 am
    Today we released Firefox 31 and it offers a couple of new features that help HTML5 game developers to code and debug sophisticated games. In addition Mozilla blogged about the first commercial games leveraging asm.js, Dungeon Defenders Eternity and Cloud Raiders both of which were cross-compiled in to JavaScript using the Emscripten compiler. Games like these show that HTML5 is ready as a game platform. If you are interested in working with Emscripten you can get more information at the main Emscripten wiki or grab the code on the github page. Another good resource is the getting started…
  • How can we write better software? – Interview series, part 1

    Shane Tomlinson
    16 Jul 2014 | 9:08 am
    Do you ever look at code and murmur a string of “WTFs?” Yeah, me too. As often as not, the code is my own. I have spent my entire professional career trying to write software that I can be proud of. Writing software that “works” is difficult. Writing software that works while also being bug-free, readable, extensible, maintainable and secure is a Herculean task. Luckily, I am part of a community that is made up of some of the best development, QA and security folks in the industry. Mozillians have proven themselves time and time again with projects like Webmaker, MDN,…
  • Adding captions and subtitles to HTML5 video

    Ian Devlin
    10 Jul 2014 | 5:04 am
    This article is also available on MDN. With the introduction of the <video> and <audio> elements to HTML5, we finally have a native way to add video and audio to our websites. We also have a JavaScript API that allows us to interact with this media content in different ways, be it writing our own controls or simply seeing how long a video file is. As responsible web developers, we should also be constantly thinking about making our content more accessible, and this doesn’t stop with video and audio content. Making our content accessible to all is an important step, be it for…
  • Mozilla at conferences – June edition

    Chris Heilmann
    3 Jul 2014 | 8:29 am
    Welcome to a quick round-up of what Mozillians have been talking about at events in and around June. Frédéric Harper spoke at Devoxx UK about “Getting the best out of your design with responsive web design“ Robert Nyman spoke at JSCamp Romania about “Five stages of development (slides – video)” David Baron spoke at CSS Day about “Efficient CSS Animations (slideshow – all slides) Chris Heilmann visited Campus Party Mexico to deliver the keynote “The Future of the Open Web (video, slides)”. There were also various talks by local…

    Didier Stevens

  • Update: translate.py

    Didier Stevens
    16 Jul 2014 | 12:37 pm
    Some time ago, Chris John Riley reminded me of a program I had written, published … and forgotten: translate.py. Apparently, it is used in SANS classes. Looking at this program from 2007, I thought: my Python coding style has changed since then, I need to rewrite this. So here is the new version. It’s backward compatible with the old version (same arguments), but it offers more flexibility, like input/output redirection, allowing it to be used in pipes. And from now on, I’m going to try to add a man page to all new Python program releases. It’s embedded in the source…
  • Update: Stoned Bitcoin

    Didier Stevens
    29 Jun 2014 | 5:04 pm
    kurt wismer pointed me to this post on pastebin after he read my Stoned Bitcoin blogpost. The author of this pastebin post works out a method to spam the Bitcoin blockchain to cause anti-virus (false) positives. I scanned through all the Bitcoin transactions (until 24/06/2014) for the addresses listed in this pastebin post (the addresses represent antivirus signatures for 400+ malwares). All these “malicious” Bitcoin addresses, designed to generate anti-virus false positives,  have been exclusively used in the 8 Bitcoin transactions I mentioned in my previous post. The pastebin…
  • Stoned Bitcoin

    Didier Stevens
    23 Jun 2014 | 1:29 pm
    There are reports of anti-virus false positive detections of Bitcoin files. More precisely for the old Stoned computer virus. I found the smoking gun! These reports should not be dismissed as hoaxes. I’ve identified 2 Bitcoin transactions that contain byte sequences found in the Stoned computer virus. Here they are: f09904aaa4fa4a8ec7da06f5e3d318a9b6a218e1a215f9307416fbbadf5a1c8e fcf5cf9893a142897598edfc753bd6162e3638e138fc2feaf4a3477c0cfb65eb Both transactions appear in blocks dated 2014-04-04. The first transaction has byte sequences of the Stoned computer virus in the address of…
  • Wireshark-export

    Didier Stevens
    15 Jun 2014 | 5:37 pm
    Here is the 010 Editor script I developed to generate Wireshark hex dumps. Watch how to use it in my previous blogpost: “Packet Class: Wireshark – Import Hex Dump”. wireshark-export_v0_0_1.zip (https) MD5: B339EFD0898B6506CBEAAFCBCE08B3A6 SHA256: 557B39246FAC3BD91CE24EAD3DF07F8B68100778241393A26C67A566756C404B
 

    CERIAS Combined Feed

  • Videos from the 15th Annual CERIAS Symposium

    Gene Spafford
    11 Jul 2014 | 1:30 pm
    We are now releasing videos of our sessions at this year’s CERIAS Symposium from late March. We had a fascinating session with David Medine, chair of the PCLOB discussing privacy and government surveillance with Mark Rasch, currently the CPO for SAIC. If you are interested in the issues of security, counterterrorism, privacy, and/or government surveillance, you will probably find this interesting: https://www.youtube.com/watch?v=kHO7F8XjvrI We are also making available videos of some of our other speakers — Amy Hess, Exec. Deputy Director of the FBI; George Kurtz, President & CEO of…
  • Update on “Patching is Not Security”

    Gene Spafford
    9 Jul 2014 | 12:09 pm
    A few weeks ago, I wrote a post entitled “Patching Is Not Security.” Among other elements, I described a bug in some Linksys routers that was not patched and was supporting the Moon worm. Today, I received word that the same unpatched flaw in the router is being used to support DDOS attacks. These are not likely to be seen by the owners/operators of the routers because all the traffic involved is external to their networks — it is outbound from the router and is therefore “invisible” to most tools. About all they might see is some slowdown in their connectivity. Here’s some of the…
  • Why We Don’t Have Secure Systems Yet, Introduction

    Gene Spafford
    7 Jul 2014 | 10:32 am
    Over the past couple of months I’ve been giving an evolving talk on why we don’t yet have secure systems, despite over 50 years of work in the field. I first gave this at an NSF futures workshop, and will give it a few more times this summer and fall. As I was last reviewing my notes, it occurred to me that many of the themes I’ve spoken about have been included in past posts here in the blog, and are things I’ve been talking about for nearly my entire career. It’s disappointing how little progress I’ve seen on so many fronts. The products on the market, and the “experts” who…
  • CERTs, Security Patches And Sloppy Design

    CERIAS Webmaster
    25 Jun 2014 | 6:02 am
    When will we reach the tipping point? Spafford has this to offer, “If we keep patching, the system will collapse under the weight of all those patches.”
  • PhD Candidate Recognized for Homeland Security Investigation Accomplishments

    CERIAS Webmaster
    11 Jun 2014 | 6:19 am
    U.S. Homeland Security Investigations (HSI) recently recognized Rachel Sitarz, a CERIAS PhD Candidate in Cyber Forensics, for her efforts in support of a nationally coordinated investigation in 2012. The HSI Executive Associate Director’s Annual Awards Program recognized the Chicago Office for “Outstanding Investigative Accomplishments - Immigration Fraud” in “Operation Island Express”. The investigation targeted a transnational document trafficking organization based in Puerto Rico. The trafficking organization sold the identities of Puerto Rican U.S. citizens and corresponding…

    Security Intelligence

  • 11 Must-See Briefings at Black Hat USA 2014

    Doug Franklin
    25 Jul 2014 | 8:24 am
    Surpassing previous Black Hat events, the Black Hat USA 2014 conference offers such an incredible selection of briefings that whittling down the choices to a manageable list will be much more difficult than it was last year. A quick scan of the descriptions gave me a list of about 40 briefings that I would like to attend. Even before the briefings start, Dan Geer’s keynote speech, “Cyber Security as Realpolitik,” promises to kick things off with a bang. Geer’s broad and unique background in both general and network computing — and in network security and intelligence…
  • Cyber Security Threats Gain Boardroom Attention

    Aaron Breen
    24 Jul 2014 | 7:04 am
    Cyber security threats aren’t just for security specialists anymore. Today, cyber security is drawing attention from the very top, with one recent study finding that it has now become the number-one concern of corporate boards. The reasons for this board-level concern are not hard to understand. Enterprises can be — and many already have been — badly shaken by cyber security breaches. However, the more important thing to know about the boardroom’s interest in cyber security is that it can be highly effective for building a framework with better security. One thing we have…
  • CISOs Must Exhibit Dexterity When Addressing a Cyber Security Risk

    Christopher Burgess
    23 Jul 2014 | 8:29 am
    Ensuring the security, availability and authenticity of the various data sets that a company creates or is entrusted with by its partners and customers should be top-of-mind for a chief information security officer (CISO) focused on cyber security risk. It’s a broad brush indeed, and for many smaller companies, a CISO is a luxury that they simply cannot afford. However, this does not obviate the need to have the CISO’s responsibility and accountability fall within the remit of a senior company executive. Cyber Security Risk That said, does the role of the CISO require technical or…
  • The Stark Realities of Today’s Cyber Security Landscape

    Fran Howarth
    22 Jul 2014 | 7:29 am
    A recent report from IBM titled “2014 Cyber Security Intelligence Index” provides an up-to-date, high-level overview of the major threats facing organizations today and the trends being seen in the evolution of the threat landscape. With data gathered through the monitoring of clients’ technology platforms worldwide and analysis of the security intelligence gleaned, it describes the types of attacks being seen and their impact on organizations. The report describes the threat landscape as dominated by well-funded and businesslike adversaries using extremely sophisticated,…
  • Is Password Protection Really Enough?

    Fran Howarth
    21 Jul 2014 | 7:04 am
    The recently-released 2014 BYOD and Mobile Security Spotlight Report from the LinkedIn Information Security group, sponsored by IBM, sheds light on the current state of the bring-your-own-device (BYOD) trend among organizations. As might be expected, security is considered an issue by many organizations, but the majority of them are relying on password protection alone to protect their data. Is that really enough? Personal devices are widely used at 45 percent of organizations (albeit not always with the support of the organization) and in limited use at a further 26 percent, the report…

    Security Bloggers Network

  • Cliché: open-source is secure

    Robert Graham
    28 Jul 2014 | 8:35 pm
    Some in cybersec keep claiming that open-source is inherently more secure or trustworthy than closed-source. This is demonstrably false. Firstly, there is the problem of usability. Unusable crypto isn't a valid option for most users. Most would rather j...
  • SBN Sponsor Post

    Kevin Riggins
    28 Jul 2014 | 7:00 pm
  • Responsible Disclosure – Sucuri Open Letter to MailPoet and Future Disclosures

    Tony Perez
    28 Jul 2014 | 5:53 pm
    Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and everyday I work for every person at this company. My partner is Daniel Cid. He is one of the foremost thought leaders in the website security domain, his…
  • 1,000,000 lost credit cards = £150,000 fine

    Paul Ducklin
    28 Jul 2014 | 4:44 pm
    A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first. The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.
  • Fancy $110,000? Easy! Just be Russian and find a way of cracking Tor

    Graham Cluley
    28 Jul 2014 | 4:40 pm
    It looks like Russia is looking for a way to crack down on those who try to hide their activities from law enforcement agencies and government censors. Read more in my article on the Hot for Security blog.
 

    blog.hotspotshield.com

  • Two New Virtual Locations Added for Hotspot Shield – Germany & Canada

    Peter Nguyen
    20 Jul 2014 | 11:03 pm
    Anchorfree has recently added servers in Canada and Germany to create virtual locations in these countries. We now have virtual locations in 6 countries: USA, Japan, United Kingdom, Australia, Canada and Germany. The addition of these 2 new virtual locations means you have access to a larger pool of VPN servers and IP addresses, giving you the fastest connections possible wherever you are. So, if you are living in Canada or Germany, you now can enjoy faster connections to access blocked content, protect your privacy, and secure your Internet communications. Benefits for Expats If you are a…
  • Could License Plate Recognition Databases Infringe on Your Privacy?

    Peter Nguyen
    8 Jul 2014 | 12:04 am
    Our ability to collect, store, and search data has increased at an alarming rate over the past decade thanks to our ability to digitize information. Debates over privacy have cropped up as… an effort to prevent terrorism. And now, an additional debate about privacy has arisen as the Department of Homeland Security has advocated a national license plate database that will incorporate license plate image data to assist law enforcement. Is this collection infringing on privacy rights? And should the data be available to private companies, particularly those that aid in the collection of such data
  • 5 Terrifying Ramifications of Medical Identity Theft

    Peter Nguyen
    2 Jul 2014 | 12:13 am
    Last year, nearly two million Americans became a victim of medical identity theft, 32 percent more than the year before. Today, medical identity theft accounts for 43 percent of all identity theft in the United States, and cases are rising faster than any other type of identity theft. Medical identity theft occurs when someone uses another person’s name and other personal attributes to fraudulently receive medical products or services, including prescription drugs and insurance reimbursements. As this crime becomes increasingly more common, it’s important to consider some of its…
  • Facebook Security for Parents and Teens

    Robert Siciliano
    27 Jun 2014 | 9:17 am
    Facebook offers a hefty amount of security measures that parents and teens should know about. The Login Social authentication – A hacker will have a harder time hacking into your Facebook account if he or she must identify your friends via photos – This verification process is social authentication, and it’s easier to use than having to remember another password. ID verification – A new user must create a security question with an answer. An extra layer of security is achieved when the user adds their smartphone number so they can receive a text message with a code.
  • Using Modern Tech to Catch Cyberbullies

    Peter Nguyen
    23 Jun 2014 | 11:39 pm
    If your child has ever been bullied, then you already know how much pain it causes, especially when the bullying goes from the classroom to the Internet. Online identities give users a certain level of anonymity when it comes to cyberbullying, but parents and law enforcement are using the very technology bullies abuse to catch the cyber-tormentors in the act. With digital detective work in mind, here are a number of ways modern tech is putting an end to cyberbullying. Look for Signs of Bullying Cyberbullying can take on many forms, such as harassment and humiliation, so it’s important…

    Blog - CloudEntr | Single Sign On | Password Manager

  • And Then There was One: Secure File Sharing & Access in the Cloud from CloudEntr

    Ella Segura
    28 Jul 2014 | 6:00 am
    Ella Segura serves as the Product Manager for CloudEntr, guiding the product road map and all new features and developments. Businesses Unique, All-in-One Solution for Securing Access and Files in the Cloud Gone are the days that businesses operated their own little fiefdoms, where IT reigned supreme and all the people thankfully fell in line behind the resources that were given to them. Enter the internet and the cloud. Today, businesses are connected more than ever before and their on-location castle walls, no matter how strong, are no longer sufficient. We communicate through many channels:…
  • What can J-Lo Teach us About SAML, and Why Should your Business Care?

    Christopher Bartik
    27 Jul 2014 | 6:00 am
    We’re pretty excited about adding SAML support to CloudEntr. But whenever we start telling our friends and family, their eyes glaze over. For some reason, they don’t find it as exciting as we do. If you’re using cloud-based applications in your business (and that covers most businesses), there are good reasons to care – deeply – about SAML. Here are three of them: SAML gives you cloud-based Single Sign-On (SSO) without relying on passwords. That’s right, there are no passwords to be phished, reset, forgotten, or stolen. For apps that use SAML, your business has complete control…
  • CloudEntr Brings Big Business Identity and Access Management to the Small Enterprise: A Review

    Macey Morrison
    22 Jul 2014 | 7:03 am
    At CloudEntr, we love to be loved by our customers (spoiler: we love them back), so we were especially excited to receive a little press from one of our customers AVISIAN Publishing, publishers of more than 10 print and digital publications specializing in the identification technology space. AVISIAN shared the same pain as many of our customers regardless of industry did: too many SaaS apps with no way to manage and share access securely with their colleagues and/or customers. So the AVISIAN team took the plunge by evaluating password managers and identity and access management solutions.
  • An Enlightened Approach to Password Security: Getting Beyond 8 Characters

    Macey Morrison
    9 Jul 2014 | 6:00 am
    Security pros know that a user name and password pair isn’t the most secure method of logging into your businesses sites and apps – just wait a news cycle and you’re sure to hear about another breach where a company’s passwords have been exposed. But for the time being passwords are still the de facto way that we access our business applications and websites on a daily basis. And as a result we’ve all run into – or had to enforce – those annoying rules for creating strong passwords: At least 8 characters; Mix of uppercase and lowercase letters; Must include at least one number; Must…
  • New Feature Release: More from Two-factor Authentication

    Ella Segura
    23 May 2014 | 4:17 am
    Ella Segura serves as the Product Manager for CloudEntr, guiding the product road map and all new features and developments. Businesses want assurance that their data and resources are safe, and it’s no secret that passwords are not cutting it anymore. Let’s be honest, they are the weakest link in the security chain. And why is that? Well, it’s mostly attributed to the “something you know” piece of the authentication equation AKA the human element. Strong password habits are clear: use uncommon and nonsensical character combinations, the longer the better, avoid common phrases and…

    Quotium

  • Some key (yet funny) terminologies in AGILE Scrum

    Quotium Research Center
    18 Jul 2014 | 3:03 am
    Agile has been the buzz word of the industry since 4-5 years now. It has turned around many businesses. It has not just drastically changed the cost side of the profitability tree but also improved upon the revenue side by shipping better products. Agile practitioners are no longer willing to even talk about the traditional […] The post Some key (yet funny) terminologies in AGILE Scrum appeared first on www.quotium.com
  • Leading the KANBAN way!!!

    Quotium Research Center
    18 Jul 2014 | 1:47 am
    What is Kanban? KANBAN is a Toyota principle and literally means ‘Signboard’ in Japanese. Kanban advocates continuous improvement and emphasizes on making everyone get an explicit and clear idea of the entire process. It advocates minimum work in progress inventory and just in time production. This allows team to bring continuous improvement in their operations […] The post Leading the KANBAN way!!! appeared first on www.quotium.com
  • DSDM Project Lifecycle

    Quotium Research Center
    18 Jul 2014 | 1:34 am
    A DSDM project consists of three key phases – Pre project phase, Project lifecycle phase and Post project phase. Pre project phase: In the pre project discussions happen at super management level wherein the business problems are identified, applications (to be built) are decided, these applications are prioritized, budget is allocated for the same and […] The post DSDM Project Lifecycle appeared first on www.quotium.com
  • Core principles and properties in KANBAN explained!

    Quotium Research Center
    18 Jul 2014 | 1:15 am
    Kanban derives its name from the Toyota principles of Lean and JIT production process. Some of Toyota’s key principles made it one of the market leaders in low cost production and helped them become industry leader in setting up many practices that others in the industry tried to follow. Kanban as in software development methodology […] The post Core principles and properties in KANBAN explained! appeared first on www.quotium.com
  • Data driven testing – DDT

    Quotium Research Center
    17 Jul 2014 | 3:20 am
    What is Data Driven testing? Applications have become very data dependent. A user while accessing a site needs to enter a lot of data items which means a lot of input items. And each of the input items can have thousands of different types of words or keys. It is thus necessary to reproduce the […] The post Data driven testing – DDT appeared first on www.quotium.com
 