Web App Security

  • Most Topular Stories

  • The POODLE Attack and the End of SSL 3.0

    Mozilla Security Blog
    rbarnes
    14 Oct 2014 | 4:15 pm
    Summary SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information. We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a critical flaw in SSLv3, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the “Secure Sockets Layer”…
  • UPnP Devices Used in DDoS Attacks

    Liquidmatrix Security Digest
    Bill Brenner
    15 Oct 2014 | 3:59 am
    Attackers are using Universal Plug and Play (UPnP) devices to launch massive DDoS assaults, Akamai’s Prolexic Security Engineering & Research Team (PLXsert) warned this morning in an advisory. PLXsert estimates that 4.1 million UPnP devices are potentially vulnerable to exploits used for reflection DDoS attacks. That’s about 38 percent of the 11 million devices in use around the world. PLXsert plans to share the list of potentially exploitable devices to members of the security community in an effort to collaborate with cleanup and mitigation efforts. PLXsert said the attack…
  • Analysis of SandWorm (CVE-2014-4114) 0-Day

    Zscaler Research
    Deepen Desai
    14 Oct 2014 | 5:42 pm
    Background iSIGHT Partners, working with Microsoft, today published details of a 0day vulnerability (CVE-2014-4114) used in a possible Russian cyber-espionage campaign targeting NATO, the European Union, the Telecommunications and Energy sectors. In this blog, we will provide a quick analysis of an exploit payload targeting this vulnerability, presently in the wild and showcase Zscaler's APT
  • Creating a mobile app from a simple HTML site

    Mozilla Hacks - the Web developer blog
    Piotr Zalewa
    16 Oct 2014 | 6:00 am
    This article is a simple tutorial designed to teach you some fundamental skills for creating cross platform web applications. You will build a sample School Plan app, which will provide a dynamic “app-like” experience across many different platforms and work offline. It will use Apache Cordova and Mozilla’s Brick web components. The story behind the app, written by Piotr I’ve got two kids and I’m always forgetting their school plan, as are they. Certainly I could copy the HTML to JSFiddle and load the plan as a Firefox app. Unfortunately this would not load…
  • Update: PDFiD With Plugins Part 1

    Didier Stevens
    Didier Stevens
    20 Oct 2014 | 1:51 am
    Almost from the beginning when I released PDFiD, people asked me for anti-virus like feature: that PDFiD would tell you if a PDF was malicious or not. Some people even patched PDFiD with a scoring feature. But I didn’t want to develop an “anti-virus” for PDFs; PDFiD is a triage tool. Now you can develop your own scoring system with plugins. Plugins are loaded with option -p, like this: I provide 3 plugins: plugin_triage.py, plugin_nameobfuscation.py and plugin_embeddedfile.py. You can run more than one plugin by separating their names with a comma: pdfid.py -p…

    Mozilla Security Blog

  • The POODLE Attack and the End of SSL 3.0

    rbarnes
    14 Oct 2014 | 4:15 pm
    Summary SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information. We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a critical flaw in SSLv3, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the “Secure Sockets Layer”…
  • CSP for the web we have

    mgoodwin
    4 Oct 2014 | 1:47 am
    Introduction: Content Security Policy (CSP) is a good safety net against Cross Site Scripting (XSS). In fact, it’s the best one and I would recommend it to anyone building new sites. For existing sites, implementing CSP can be a challenge because CSP introduces some restrictions by default and, if the code was written without these restrictions in mind, work will be required. Also, working around these issues can negate the benefits of applying a policy in the first place. In particular, inline scripts require thought; they’re commonly used and, if they’re allowed by your…
  • RSA Signature Forgery in NSS

    Daniel Veditz
    24 Sep 2014 | 6:29 pm
    Issue A flaw in the Network Security Services (NSS) library used by Firefox and other products allows attackers to create forged RSA certificates. Mozilla has released updates to fix this vulnerability and you should apply these updates to ensure your safety on the internet. Impact to Users Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from…
  • Phasing Out Certificates with SHA-1 based Signature Algorithms

    kwilson
    23 Sep 2014 | 3:13 pm
    Many of the certificates used by secure websites today are signed using algorithms based on a hash algorithm called SHA-1. The integrity of the hash algorithm used in signing a certificate is a critical element in the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can obtain fraudulent certificates. Mozilla, along with other browser vendors, is working on a plan to phase out support for the SHA-1 hash algorithm. SHA-1 is nearly twenty years old, and is beginning to show its age. In the last few years, collision attacks undermining some…
  • A Faster Content Security Policy (CSP)

    ckerschbaumer
    10 Sep 2014 | 9:14 am
    With the establishment of CSP Level 2, Mozilla shifted gears and reimplemented CSP in C++. This security feature first shipped in Firefox 4 (2011), and until now was implemented in a combination of JavaScript and C++. The new implementation is based solely on C++ and without the need to connect two languages, which increases performance and simplifies the implementation. This allows us faster turnaround when deploying new features established by future layers of the CSP standard. We’re thrilled to report that CSP in Firefox now works faster than ever. Performance measurements: We…

    Liquidmatrix Security Digest

  • UPnP Devices Used in DDoS Attacks

    Bill Brenner
    15 Oct 2014 | 3:59 am
    Attackers are using Universal Plug and Play (UPnP) devices to launch massive DDoS assaults, Akamai’s Prolexic Security Engineering & Research Team (PLXsert) warned this morning in an advisory. PLXsert estimates that 4.1 million UPnP devices are potentially vulnerable to exploits used for reflection DDoS attacks. That’s about 38 percent of the 11 million devices in use around the world. PLXsert plans to share the list of potentially exploitable devices to members of the security community in an effort to collaborate with cleanup and mitigation efforts. PLXsert said the attack…
  • PLXsert warns of Spike DDoS Toolkit

    Bill Brenner
    24 Sep 2014 | 8:01 am
    Akamai’s Prolexic Security Engineering and Research Team (PLXsert) is tracking the spread of Spike, a new malware toolkit that poses a threat to embedded devices, as well as Linux and Windows systems. Several versions of Spike can communicate and execute commands to infected Windows, desktop Linux and ARM-based devices running the Linux operating system (OS), PLXsert said in an advisory Wednesday morning. From the advisory: Binary payloads from this toolkit are dropped and executed after the successful compromise of targeted devices, which may include PCs, servers, routers, Internet of…
  • Data Breach Victims or Enablers?

    Bill Brenner
    19 Sep 2014 | 8:28 am
    Back in May, my good friend Eric Cowperthwaite caused a stir with a blog post about security breach victims getting demonized for failing to prevent break-ins. Other industry friends passionately disagreed. My thinking on the matter continues to evolve. But as is usually the case, my thinking takes me to the middle. Companies that suffer a breach — Home Depot and Target have been among this year’s biggest poster children — are victims. They don’t set out to put their customers’ data in danger and they probably thought they were practicing all due diligence…
  • After 9-11, Fear Made Us Stupid

    Bill Brenner
    12 Sep 2014 | 6:31 am
    Included in all the tweets and Facebook postings about the 13th anniversary of 9-11 yesterday was this from friend and co-worker Martin McKeay: Never forget 9/11 and terrorism. But don’t forget how many rights have been taken from us in the name of fighting terrorism. He’s got that right. There’s been plenty of outrage in recent years over the U.S. government running wild, violating our privacy in the name of security. The Bush Administration was rightly criticized over warrantless wiretapping. More recently, the Obama Administration and such government agencies as the NSA…
  • Exposing Gregory Evans: It Can Be Done

    Bill Brenner
    5 Sep 2014 | 6:06 am
    Thanks to the efforts of Attrition.org, we’ve known for years that LIGATT Security and Gregory Evans can’t be trusted. That article includes a long list of examples where Evans has committed plagiarism and threatened those who question his credentials as a hacker. There are court documents on the Internet that add to the evidence. I won’t go into the full summary of misdeeds here, because veteran security professionals have heard and seen it all before. Besides, I can’t do it any better than Attrition.org already has. Despite all we know about Evans, the mainstream…

    Zscaler Research

  • Analysis of SandWorm (CVE-2014-4114) 0-Day

    Deepen Desai
    14 Oct 2014 | 5:42 pm
    Background iSIGHT Partners, working with Microsoft, today published details of a 0day vulnerability (CVE-2014-4114) used in a possible Russian cyber-espionage campaign targeting NATO, the European Union, the Telecommunications and Energy sectors. In this blog, we will provide a quick analysis of an exploit payload targeting this vulnerability, presently in the wild and showcase Zscaler's APT
  • #BASHed Evolution of Shellshock Attack payloads

    Deepen Desai
    7 Oct 2014 | 1:43 pm
    Background We recently blogged about the GNU Bash arbitrary code execution vulnerability (CVE-2014-6271) dubbed as Shellshock and covered some initial attacks that we captured in the wild during the first week of this vulnerability disclosure. We have continued to monitor the Shellshock exploit attacks and the malicious payloads that were getting dropped over past two weeks. In this blog, we
  • Fiesta Exploit Kit: Live Infection

    Sameer Patil
    29 Sep 2014 | 12:11 am
    During our daily hunt for Exploit Kits (EK), we came across many live Fiesta exploit chains. The infection started from the following compromised domains: orpi.com, soyentrepreneur.com, interfacelift.com. Compromised sites: The attackers often leverage compromised sites to serve as the first level of redirection in the EK infection cycle. In the first Fiesta EK instance
  • Shellshock attacks spotted in wild [Updated Sept 26]

    Deepen Desai
    25 Sep 2014 | 6:19 pm
    [Updated Sept 26, 2014: added new analysis and exploit attempts] Background GNU Bash is susceptible to an arbitrary code execution vulnerability (CVE-2014-6271) dubbed as Shellshock. The vulnerability is due to failure to properly handle environment variables. A remote attacker can exploit this flaw by interacting with an application that uses BASH environment variables to override or bypass
  • Malvertising campaign leading to Zemot

    Chris Mannon
    19 Sep 2014 | 1:52 pm
    Malvertising has become a serious problem for advertisers and their clients alike. Times of Israel has been affected already by such an attack. During our analysis, we discovered multiple other legitimate websites affected by the same malvertising campaign. We have informed the website owners to take action. Below is a brief timeline of attack. A legitimate site leveraging zedo

    Mozilla Hacks - the Web developer blog

  • Creating a mobile app from a simple HTML site

    Piotr Zalewa
    16 Oct 2014 | 6:00 am
    This article is a simple tutorial designed to teach you some fundamental skills for creating cross platform web applications. You will build a sample School Plan app, which will provide a dynamic “app-like” experience across many different platforms and work offline. It will use Apache Cordova and Mozilla’s Brick web components. The story behind the app, written by Piotr I’ve got two kids and I’m always forgetting their school plan, as are they. Certainly I could copy the HTML to JSFiddle and load the plan as a Firefox app. Unfortunately this would not load…
  • Passwordless authentication: Secure, simple, and fast to deploy

    Florian Heinemann
    15 Oct 2014 | 3:11 am
    Passwordless is an authentication middleware for Node.js that improves security for your users while being fast and easy to deploy. The last months were very exciting for everyone interested in web security and privacy: Fantastic articles, discussions, and talks but also plenty of incidents that raised awareness. Most websites are, however, still stuck with the same authentication mechanism as from the earliest days of the web: username and password. While username and password have their place, we should be much more challenging if they are the right solution for our projects. We know that…
  • Unity games in WebGL: Owlchemy Labs’ conversion of Aaaaa! to asm.js

    Alex Schwartz
    14 Oct 2014 | 11:00 am
    You may have seen the big news today, but for those who’ve been living in an Internet-less cave, starting today through October 28 you can check out the brand spankin’ new Humble Mozilla Bundle. The crew here at Owlchemy Labs were given the unique opportunity to work closely with Unity, maker of the leading cross-platform game engine, and Humble to attempt to bring one of our games, Aaaaa! for the Awesome, a collaboration with Dejobaan Games, to the web via technologies like WebGL and asm.js. I’ll attempt to enumerate some of the technical challenges we hit along the way as well as…
  • Blend4Web: the Open Source Solution for Online 3D

    Yuri Kovelenov
    7 Oct 2014 | 9:34 am
    Half year ago Blend4Web was first released publicly. In this article I’ll show what Blend4Web is, how it is evolved and how it can be used for web development. What Is Blend4Web? In short, Blend4Web is an open source framework for creating 3D web applications. It uses Blender – the popular open source 3D modeling suite – as the primary authoring tool. 3D graphics is rendered by means of WebGL which is also an open standard technology. The two main keywords here – Blender and Web(GL) – explain the purpose of this engine perfectly. The full source code of…
  • The Missing SDK For Hybrid App Development

    Adam Bradley
    1 Oct 2014 | 7:13 am
    Hybrid vs. native: The debate has gone on, and will go on, for ages. Each form of app development has its pros and cons, and an examination of the key differences between the two methods reveals that a flat correlation is like comparing apples to oranges. Many hybrid app developers understand that they’re not starting on a level playing field with native developers, but it’s important for them to understand exactly how that field fails to be level. We should analyze the differences at the app development framework level, instead of simply comparing hybrid to native. Native App Development…

    Didier Stevens

  • Update: PDFiD With Plugins Part 1

    Didier Stevens
    20 Oct 2014 | 1:51 am
    Almost from the beginning when I released PDFiD, people asked me for anti-virus like feature: that PDFiD would tell you if a PDF was malicious or not. Some people even patched PDFiD with a scoring feature. But I didn’t want to develop an “anti-virus” for PDFs; PDFiD is a triage tool. Now you can develop your own scoring system with plugins. Plugins are loaded with option -p, like this: I provide 3 plugins: plugin_triage.py, plugin_nameobfuscation.py and plugin_embeddedfile.py. You can run more than one plugin by separating their names with a comma: pdfid.py -p…
  • Announcement: PDFiD Plugins

    Didier Stevens
    30 Sep 2014 | 2:30 pm
    I have a new version of PDFiD. One with plugins and selections. Here’s a preview:
  • Update: XORSearch With Shellcode Detector

    Didier Stevens
    28 Sep 2014 | 5:00 pm
    XORSearch allows you to search for strings and embedded PE-files brute-forcing different encodings. Now I added shellcode detection. This new version of XORSearch integrates Frank Boldewin’s shellcode detector. In his Hack.lu 2009 presentation, Frank explains how he detects shellcode in Microsoft Office documents by searching for byte sequences often used in shellcode. I integrated Frank’s methods in XORSearch, so that you can use it for any file type, not only Microsoft Office files. Frank was kind enough to give me his source code for the detection engine. However, I did not…
  • Video: PDF Creation – Public Tools

    Didier Stevens
    23 Sep 2014 | 1:27 pm
    Have you subscribed to my new video blog: videos.didierstevens.com ? If not, you missed my new video where I show my public tools to create PDFs.
  • FileScanner.exe Part 4

    Didier Stevens
    17 Sep 2014 | 5:00 pm
    Please read part 1, part 2 and part 3 for more info. A few remarks for people having issues running my program. Folder Release contains a 32-bit executable that requires the Visual C++ Redistributable Packages for Visual Studio 2013. Folder Release CRT contains a 32-bit executable with embedded C runtime, it does not require the redistributable. Folder x64 contains 64-bit executables. I included a rule file as example, filescanner-analysis-01.txt: #Comment exhaustive PK:start:str=PK $META:icontent:str=MANIFEST.MF JAR:and:PK $META CLASS:start:CAFEBABE MZ:start:4D5A PDF:start:str=%PDF-…

    Technicalinfo.net Blog

  • If Compliance were an Olympic Sport

    6 Oct 2014 | 1:52 pm
    First published on the NCC Group blog - 6th October 2014... It probably won’t raise any eyebrows to know that for practically every penetration tester, security researcher, or would-be hacker I know, nothing is more likely to make their eyes glaze over and send them to sleep faster than a discussion on Governance, Risk, and Compliance (i.e. GRC); yet the dreaded “C-word” (Compliance) is a core tenet of modern enterprise security practice. Security professionals that come from an “attacker” background often find that their contention with Compliance is that it represents the lowest…
  • The Pillars of Trust on the Internet

    6 Oct 2014 | 1:48 pm
    As readers may have seen recently, I've moved on from IOActive and joined NCC Group. Here is my first blog under the new company... first published September 15th 2014... The Internet of today in many ways resembles the lawless Wild West of yore. There are the land-rushes as corporations and innovators seek new and fertile grounds, over yonder there are the gold-diggers panning for nuggets in the flow of big data, and crunching under foot are the husks of failed businesses and discarded technology. For many years various star-wielding sheriffs have tried to establish a brand of law and order…
  • Smart homes still not "smarter than a fifth-grader"

    31 Jul 2014 | 10:01 pm
    Smart Home technologies continue to make their failures headline news. Only yesterday did the BBC run the story "Smart home kit proves easy to hack, says HP study" laying out a litany of vulnerabilities and weaknesses uncovered in popular internet-connected home gadgetry by HP's Fortify security division. If nothing else the story proves that household vulnerabilities are now worthy of attention - no matter how late HP and the BBC are to the party. As manufacturers try to figure out how to cram internet connectivity into their (formerly) inanimate appliance and turn it into something you can…
  • Consumer Antivirus Blogs

    11 Dec 2013 | 10:47 pm
    OK, I give up, what's up with all the blog sites run by the antivirus vendors - in particular the consumer-level antivirus products? Every day they post essentially the same damned blog entries. What is the purpose of those blogs? You know the blogs I mean. Day-in, day-out, 20+ antivirus companies post the same mind-numbing blog entries covering their dissection of their latest "interesting" piece of malware or phishing campaign. The names of the malware change, but it's the same blow-by-blow step through of another boring piece of malware, with the same dire warnings that you need…
  • Divvy Up the Data Breach Fines

    7 Dec 2013 | 4:21 pm
    There are now a bunch of laws that require companies to publicly disclose a data breach and provide guidance to the victims associated with the lost data. In a growing number of cases there are even fines to be paid for very large, or very public, or very egregious data breaches and losses of personal information. I often wonder what happens to the money once the fines have been paid. I'm sure there's some formula or stipulation as to how the monies are meant to be divided up and to which coffers they're destined to fill. But, apart from paying for the bodies that brought forth the case for a…

    CERIAS Combined Feed

  • Donate to the Ada Initiative!

    Gene Spafford
    7 Oct 2014 | 2:22 pm
    I just heard about the fund drive for the Ada Initiative. There are only a few days left in their fund drive supporting women in the tech community. Their efforts are certainly in line with some of my earlier blog posts (including here and here), and thus worthy of support. Your contribution can make a difference, so please give it some thought. (And yes, there are lots of other worthy efforts out there, from abolishing cancer to feeding kids to stopping terrorism. Don’t use that as an excuse to not support at least some worthwhile causes!)
  • Sensors Everywhere Could Mean Privacy Nowhere, Expert Says

    CERIAS Webmaster
    18 Sep 2014 | 5:34 am
    Eugene Spafford, professor of computer science at Purdue University and executive director of the Center for Education and Research in Information Assurance and Security (CERIAS), says the so-called “Internet of Things” will see small microprocessors and sensors placed seemingly everywhere, and these devices will collect much data about us - often without our knowledge. More information »
  • National Cyber Security Hall of Fame announces Final Selectees for the Class of 2014

    CERIAS Webmaster
    10 Sep 2014 | 7:25 am
    PRESS RELEASE - Baltimore, MD (September 1, 2014) (http://www.cybersecurityhalloffame.com/) Mike Jacobs, Chairman of the Advisory Board for the National Cyber Security Hall of Fame, released the names of 5 innovators who will be enshrined in the Hall of Fame on Thursday, October 30th at a gala at the Four Seasons in Baltimore. In announcing the inductees, Jacobs, the first Information Assurance Director for the National Security Agency (NSA) and a respected cybersecurity consultant to government and industry said, “these honorees continue to advance our goal of “respecting the past” in…
  • What is wrong with all of you? Reflections on nude pictures, victim shaming, and cyber security

    Gene Spafford
    4 Sep 2014 | 8:06 pm
    [This blog post was co-authored by Professor Samuel Liles and Spaf.] Over the last few days we have seen a considerable flow of news and social media coverage of untended exposure of celebrity photographs (e.g., here). Many (most?) of these photos were of attractive females in varying states of undress, and this undoubtedly added to the buzz. We have seen commentary from some in the field of cybersecurity, as well as more generally-focused pundits, stating that the subjects of these photos “should have known better.” These commentators claim that it is generally known that passwords/cloud…
  • CERIAS Researchers Win Student Paper Award

    CERIAS Webmaster
    26 Aug 2014 | 11:23 am
    CERIAS researchers won the Best Student Paper award at the 23rd USENIX Security Symposium, a top-tier computer systems security conference. The paper, “DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse,” was co-authored by Ph.D. students Brendan Saltaformaggio and Zhongshu Gu, with CS Professors Xiangyu Zhang and Dongyan Xu. This award was presented at the conference on August 20 in San Diego. (Photo: Brendan Saltaformaggio accepting the award from Dr. Kevin Fu, Chair of the conference.) Figure 1. DSCRETE is a memory forensics tool for…

    Security Bloggers Network

  • SBN Sponsor Post

    Kevin Riggins
    20 Oct 2014 | 7:00 pm
  • FBI Director James Comey says Apple and Google go “too far” with default encryption

    John Zorabedian
    20 Oct 2014 | 4:26 pm
    FBI Director James Comey says Apple and Google go too far with default encryption settings on mobile devices, including the iPhone 6 and Nexus 6 running on Android 5.0 Lollipop. Does the FBI really have a legal right to exploit encryption backdoors to...
  • Study Finds Nearly Half of Holiday Shoppers Will Avoid Breached Retailers

    Maritza Santillan
    20 Oct 2014 | 3:58 pm
    The post Study Finds Nearly Half of Holiday Shoppers Will Avoid Breached Retailers appeared first on The State of Security.
  • Week 42 In Review – 2014

    md
    20 Oct 2014 | 2:58 pm
    Events Related BlackHat Europe 2014 Wrap-Up Day #1 – blog.rootshell.be BlackHat is back in Amsterdam and here is Xavier’s wrap-up for the first day. The day started with the Adi Shamir’s keynote and some crypto. BlackHat Europe 2014 Wrap-Up Day #2 – blog.rootshell.be Here is Xavier’s small wrap-up for the second BlackHat day. His first choice was […] The post Week 42 In Review – 2014 appeared first on Infosec Events.
  • Apple adds a few more security fixes in iOS 8.1

    ZDNet | Zero Day Blog RSS
    20 Oct 2014 | 1:46 pm
    It's only about a month since iOS 8.0 was released so there's not much new in security patches to add to 8.1. Two of the fixes also show up in a new Apple TV version.

    blog.hotspotshield.com

  • Beware of the POODLE Bug

    Peter Nguyen
    19 Oct 2014 | 11:08 pm
    Do you spend a lot of time surfing the Internet at public places such as Starbucks? There’s a new security bug that you should be aware of. This security vulnerability could give hackers access to your bank, social media, and email accounts! This security hole is called POODLE. No, it doesn’t behave or bark like a dog. POODLE actually stands for “Padding Oracle On Downgraded Legacy Encryption.” What is the POODLE bug? POODLE is a security bug in version 3 of the Secure Sockets Layer protocol (SSLv3). It was recently discovered by Google researchers. SSL protocol is used to…
  • How Safe is the Digital Wallet on Your Smartphone?

    Peter Nguyen
    15 Oct 2014 | 10:26 pm
    Apple’s new digital wallet software may revolutionize the way people pay for things. While the digital wallet concept and various apps have been in use for years, few people have really embraced the technology. This may be due to the limited number of merchants who accept wallet apps, or technology barriers that prevent seamless integration between various apps and networks, or a low level of trust in the safety and security of digital wallets. Apple’s entry into the digital wallet market may change all of that by capitalizing on its excellent reputation for simplicity and its…
  • It’s National Cyber Security Awareness Month

    Peter Nguyen
    12 Oct 2014 | 7:58 pm
    This month marks the 11th anniversary of the National Cyber Security Awareness Month. Sponsored by the Department of Homeland Security and in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, National Cyber Security Month was created to raise awareness among the public about cyber security. As the same for last year, this year’s theme is Our Shared Responsibility. With the internet becoming a more integral part of our daily lives, it’s important for everyone to take necessary actions to protect yourself and to make…
  • Russian Internet Censorship: How it Helps Keep Putin in Power

    Peter Nguyen
    9 Oct 2014 | 10:46 pm
    When Vladimir Putin first became the Prime Minister of Russia in 1999, approximately 2 million members of his public had access to the Internet. Fast-forward 15 years: Putin is now the country’s president, and nearly half of Russia’s 144 million people have access to the web. At first glance, that statistic seems impressive. Russia’s Internet use has indeed grown during the last decade and a half. When you consider the fact that about 85 percent of the 319 million people in the U.S. habitually use the Web, however, it becomes clear that Russia is lagging behind the times.
  • People Analytics: Ways Big Data is Changing Human Resource Practices

    Peter Nguyen
    7 Oct 2014 | 10:20 pm
    Is your new boss a computer? On the surface, this question may seem absurd. Although we are living in an age of pervasive computing, the electronic box has yet to supplant humans in decision-making capacities. Or has it? Modern companies are increasingly turning to deep data metrics, often known by the colloquial term “Big Data,” to fuel decisions about hiring and firing. These days, the bit of information you didn’t know they knew may be your biggest vulnerability. The End of Interviews? In old movies, hiring is the result of long interview processes and often comes down to the…

    Blog - CloudEntr

  • 4 reasons why your client's data is your data

    Christopher Bartik
    17 Oct 2014 | 12:03 pm
    If information is power, let’s face it, you’re getting closer and closer to super-man/woman status, but before you step inside that booth and go about your day saving lives, you may want to brush up on what today’s grateful citizens are expecting of you. After all, they have entrusted you with all sorts of sensitive information, including their customers’ and clients’ files, applications, credential data, etc. As the number of data breaches continues to rise, service organizations and others who deal in high volumes of privileged information may find themselves yearning for the days…
  • Don't become a breached whale: Password tips to keep you afloat

    Christopher Bartik
    26 Aug 2014 | 6:30 am
    It’s late at night. You’ve just gotten home from a long day at work and the last thing you want to think about is anything requiring you to well, think. The couch beckons and soon enough you’re flipping through your DVR looking for your Game of Thrones fix. Most days you’ll fall into detached, trancelike viewing, but today something on the news sparks your attention: There was a robbery in your neighborhood. The news reporter says the thief is taking advantage of all the people who leave their doors unlocked. From the couch, you look to your own front door and see that it is, indeed,…
  • Cloud Sprawl: A Business's Guide to Secure Cloud Data for Employees and Customers

    Macey Morrison
    21 Aug 2014 | 7:02 am
    Shadow IT, a shady landscape for business, or is it? Cloud sprawl causes headaches for all of us… we have too many cloud services for CRM, accounting, and file sharing not to mention those “personal” services that we’re all guilty of bringing into the workplace. And to add further complexity, others don’t always use the same apps to solve the same problem that we do. Different people have unique preferences and businesses deploy competing services. Take Sarah in marketing for instance. She may love Dropbox personally, but Bill in Finance wants budgets shared in SkyDrive, while Mary in…
  • Deconstructing big time data breaches: Where the big boys failed and what your business can learn

    Christopher Bartik
    12 Aug 2014 | 10:40 am
    These days, it seems not a day goes by without a data breach story appearing in the news. As these security incidents become more prevalent - not to mention more costly - one of the best things that small businesses can do to prevent them is to learn from others' mistakes. We see that the biggest enterprises are not infallible to data protection issues like breaches. And we obviously hear about them because bigger brands are newsworthy. This is good for small businesses though, because while their drama unfolds in the media it gives us a very public playbook of how it happened and how they…
  • Gemalto Bundles Secure File Sharing and Access Management to Offer All-in-One Identity Cloud Solution

    Macey Morrison
    30 Jul 2014 | 6:00 am
    This week, the CloudEntr Team is excited to announce that we have listened to our customers’ concerns regarding data risk in the cloud, taking on the other piece of the cloud security puzzle: file sharing and collaboration. Our CloudEntr access management solution has expanded to now offer an all-in-one solution for secure application access and file sharing in the cloud. We are thrilled to enable SMBs to capitalize on the cost efficiency and convenience of the cloud with the peace of mind of knowing their and their customer’s data is secure. The file encryption and collaboration feature…

    Quotium

  • Securing Agile Software

    Quotium Research Center
    13 Oct 2014 | 5:18 am
    We will take an overview of Agile and more importantly the process at the center of it that powers development of Agile Software. We’ll see an effective way to deal with the challenge to integrate security in that process and how we can turn that into an opportunity! The post Securing Agile Software appeared first on www.quotium.com
  • State of Application Security Survey

    Quotium Research Center
    24 Sep 2014 | 1:19 am
    The post State of Application Security Survey appeared first on www.quotium.com
  • Partnerships and Integrations

    Quotium Research Center
    22 Sep 2014 | 12:59 am
    More partnerships and integrations coming soon… Version One is a leading agile development management software provider. Quotium Seeker has the ability to open defects directly in Version One based on the findings from a test. In an agile environment, it is important to be able to manage the different aspects of the project from one […] The post Partnerships and Integrations appeared first on www.quotium.com
  • Scrum Vs Kanban

    Quotium Research Center
    20 Sep 2014 | 4:52 pm
    Scrum and Kanban are both widely used methodologies in AGILE. Practitioners of both speak a lot on the positives of the respective methodologies and share success stories. People often try to evaluate the two and make a judgment about which one is better. In this article I have tried to discuss some visible differences between […] The post Scrum Vs Kanban appeared first on www.quotium.com
  • Extracting Information from the web logs

    Quotium Research Center
    20 Sep 2014 | 4:47 pm
    Every team wants to reproduce a production-like performance test so as to produce the maximum number of issues as could be observed in production environment. Running a production-like performance test is every performance test manager’s dream. But it is no cake walk. To execute such a test, a lot of factors […] The post Extracting Information from the web logs appeared first on www.quotium.com
 