Web App Security

  • Most Topular Stories

  • BH, DefCon, BSidesLV Primer

    Liquidmatrix Security Digest
    Bill Brenner
    18 Jul 2014 | 4:31 am
    Many security professionals are making plans for a week in Las Vegas early next month for three big InfoSec conferences: Black Hat, Defcon and BSidesLV. I’ve been going for years and am familiar with what to expect and how to make the best use of my time there.  If you’re a first-time attendee, however, the experience can be overwhelming. For that reason, each year I put together a survival guide of sorts. Here’s your primer for 2014: Tip 1: Don’t let the noise get to you Black Hat and DEF CON in particular are noisy events. The vendors, in an effort to really fit…
  • Mobile App Wall of Shame: CNN App for iPhone

    Zscaler Research
    viral
    21 Jul 2014 | 11:06 am
    Price: Free; Category: News; Updated: Jul 11, 2014; Version: 2.30 (Build 4948); Size: 21.8 MB; Language: English; Vendor: CNN Interactive Group, Inc.; Operating System: iOS. Background: iReport account setting. The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165
  • MentalJS bypasses

    The Spanner
    Gareth Heyes
    24 Jun 2014 | 2:41 pm
    I managed to find time to fix a couple of MentalJS bypasses by LeverOne and Soroush Dalili (@irsdl). LeverOne’s vector was outstanding since it bypassed the parsing itself which is no easy task. The vector was as follows: for(var i i/'/+alert(location);0)break//') Basically my parser was inserting a semi colon in the wrong place causing a different state than the actual state executed. My fix inserts the semi colon in the correct place. Before the fix the rewritten code looked like this: for (var i$i$; / '/+alert(location);0)break//') As you can see the variables have been incorrectly…
  • How can we write better software? – Interview series, part 1

    Mozilla Hacks - the Web developer blog
    Shane Tomlinson
    16 Jul 2014 | 9:08 am
    Do you ever look at code and murmur a string of “WTFs?” Yeah, me too. As often as not, the code is my own. I have spent my entire professional career trying to write software that I can be proud of. Writing software that “works” is difficult. Writing software that works while also being bug-free, readable, extensible, maintainable and secure is a Herculean task. Luckily, I am part of a community that is made up of some of the best development, QA and security folks in the industry. Mozillians have proven themselves time and time again with projects like Webmaker, MDN,…
  • Update: translate.py

    Didier Stevens
    Didier Stevens
    16 Jul 2014 | 12:37 pm
    Some time ago, Chris John Riley reminded me of a program I had written, published … and forgotten: translate.py. Apparently, it is used in SANS classes. Looking at this program from 2007, I thought: my Python coding style has changed since then, I need to rewrite this. So here is the new version. It’s backward compatible with the old version (same arguments), but it offers more flexibility, like input/output redirection, allowing it to be used in pipes. And from now on, I’m going to try to add a man page to all new Python program releases. It’s embedded in the source…

    Liquidmatrix Security Digest

  • Liquidmatrix Security Digest Podcast – Episode 3F

    James Arlen
    17 Jul 2014 | 8:15 am
    Episode 0x3F Last one before Summer Security Camp Pretty much everyone is drowning under piles of wtf and omfg diaf. But we promised you we’d be back and this time we’re pretending we care. Upcoming this week… Lots of News Breaches SCADA / Cyber, cyber… etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs – no arguing or discussion allowed And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at…
  • What The Hell Just Happened Here?

    Bill Brenner
    12 Jul 2014 | 9:38 am
    I never could keep my mouth shut. When a conversation is going on, I can’t just mind my business and focus on the work at hand. I have to be the man at the table who injects quips into the discussion; the guy who thinks he’s not contributing properly unless he pontificates, no matter how ridiculous his words are. That was the scenario Friday when some of us Akamites (Akamai employees) were talking about the content for a new site in the works. I noted that while I love the daily blogging in The Akamai Security Blog and am grateful that I have another forum – The OCD…
  • Bill Brenner Is Joining Liquidmatrix

    Dave Lewis
    11 Jul 2014 | 1:41 pm
    Fresh from the “why the hell didn’t I think of this years ago” files we have some news. Bill Brenner is joining Liquidmatrix! It will be nice to actually have someone writing again. Hint hint. (looking at the crew…myself included) Nothing like a comment made in passing to develop into a cool idea. Years ago Bill was the first media person to interview me for…well, any publication. In the intervening years I have learned that he was a consummate professional and remains so to this day (That’ll be $100 Bill). Now that we both work for the same company, Akamai Technologies, we chat…
  • LSD Podcast 0x3E

    James Arlen
    4 Jul 2014 | 10:25 am
    Episode 0x3E HAPPY $COUNTRY JULY PAID DAY OFF We’re back. Reasons shall be enumerated. And so forth. Upcoming this week… Lots of News Breaches SCADA / Cyber, cyber… etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs – no arguing or discussion allowed And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec…

    Zscaler Research

  • And the mice will “Play”…: App Stores and the Illusion of Control Part II

    viral
    15 Jul 2014 | 5:59 am
    In the last blog, we began analyzing what we’ve termed the “App Dichotomy” of the App Economy – The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple’s App Store and Google Play to determine how permissive developers have tried to be, and the security and privacy risks we accept when we download them to our smartphones. 
  • The “Forbidden” Apple: App Stores and the Illusion of Control Part I

    viral
    15 Jul 2014 | 5:59 am
    There is no doubt we truly live in an “App Economy.” From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friend's activities, few think about the “App Dichotomy”– The fact that we are at least as much the consumed, as we are the consumer. This is the first in a pair of blogs that
  • Exploring the Java vulnerability (CVE-2013-2465) used in the Fiesta EK

    Sameer Patil
    3 Jul 2014 | 2:26 am
    While going through our daily analysis this month, we came across several Fiesta Exploit Kit attacks. Although this EK first emerged in August 2013, the authors have constantly updated their exploitation code to evade detection. It mostly targets known vulnerabilities in Java and Microsoft Silverlight for exploitation. We identified a .jar file attached to a FiestaEK landing page and on
  • Adware Utilizes Google Docs to Scam Users

    Chris Mannon
    24 Jun 2014 | 1:27 pm
    Spammers are no stranger to exploiting existing file-sharing services to propagate their warez and Google has been used in the past to bring some sense of legitimacy to a scam. In a scam that we recently uncovered, users will receive a URL shortened link, which will lead them to a malicious ad, hosted within Google Docs. There is no malware explicitly hosted on Google docs, but rather a link to

    The Spanner

  • mXSS

    Gareth Heyes
    6 May 2014 | 11:51 am
    Mutation XSS was coined by me and Mario Heiderich to describe an XSS vector that is mutated from a safe state into an unsafe unfiltered state. The most common form of mXSS is from incorrect reads of innerHTML. A good example of mXSS was discovered by Mario where the listing element mutated its contents to execute XSS. <listing>&lt;img src=1 onerror=alert(1)&gt;</listing> When the listing’s innerHTML is read it is transformed into an image element even though the initial HTML is escaped. The following code example shows how the entities are decoded. <listing…
  • Java Serialization

    Gareth Heyes
    6 May 2014 | 11:39 am
    In this post I will explore Java serialized applets and how they can be used for XSS. A serialized applet contains code that can be easily stored and loaded. Java supports an attribute called “object” which accepts a url to a serialized class file this allows us to load applets of our choosing provided they can be serialized and implements the java.io.Serializable interface. This feature is very old and obscure and I have successfully used the technique to bypass filters that look for very specific XSS patterns. In order to create a serializable Java applet you need the following code…
  • Bypassing the XSS filter using function reassignment

    Gareth Heyes
    7 Apr 2014 | 10:54 am
    The XSS filter introduced in IE8 is a really powerful defence against XSS. I tested the filter for a number of years and found various bypasses one of which I would like to share with you now. You can read more about the filter and its goal in the following blog post. Scope There have been numerous public bypasses of the filter however very few within the intended scope of the filter. The filter blocks reflected XSS in HTML context, script, style and event context. It does not support attacks that use multiple parameters or same origin requests. Once you are aware of the intended scope the…
  • RPO

    Gareth Heyes
    21 Mar 2014 | 2:09 pm
    Relative VS Absolute RPO (Relative Path Overwrite) is a technique to take advantage of relative URLs by overwriting their target file. To understand the technique we must first look into the differences between relative and absolute URLs. An absolute URL is basically the full URL for a destination address including the protocol and domain name whereas a relative URL doesn’t specify a domain or protocol and uses the existing destination to determine the protocol and domain. Absolute URL https://hackvertor.co.uk/public Relative URL public/somedirectory The relative URL shown will look for…

    Mozilla Hacks - the Web developer blog

  • Adding captions and subtitles to HTML5 video

    Ian Devlin
    10 Jul 2014 | 5:04 am
    This article is also available on MDN. With the introduction of the <video> and <audio> elements to HTML5, we finally have a native way to add video and audio to our websites. We also have a JavaScript API that allows us to interact with this media content in different ways, be it writing our own controls or simply seeing how long a video file is. As responsible web developers, we should also be constantly thinking about making our content more accessible, and this doesn’t stop with video and audio content. Making our content accessible to all is an important step, be it for…
  • Mozilla at conferences – June edition

    Chris Heilmann
    3 Jul 2014 | 8:29 am
    Welcome to a quick round-up of what Mozillians have been talking about at events in and around June. Frédéric Harper spoke at Devoxx UK about “Getting the best out of your design with responsive web design“ Robert Nyman spoke at JSCamp Romania about “Five stages of development (slides – video)” David Baron spoke at CSS Day about “Efficient CSS Animations (slideshow – all slides) Chris Heilmann visited Campus Party Mexico to deliver the keynote “The Future of the Open Web (video, slides)”. There were also various talks by local…
  • ServiceWorkers and Firefox

    Nikhil Marathe
    25 Jun 2014 | 6:04 pm
    Since early 2013, Mozillians have been involved with the design of the Service Worker. Thanks to work by Google, Samsung, Mozilla, and others, this exciting new feature of the web platform has evolved to the point that it is being implemented in various web browser engines. What are Service Workers? At their simplest, Service Workers are scripts that act as client-side proxies for web pages. JavaScript code can intercept network requests, deliver manufactured responses and perform granular caching based on the unique needs of the application, a feature that the web platform has lacked before…
  • WebIDE Lands in Nightly

    Dave Camp
    23 Jun 2014 | 8:18 am
    Editor’s note: if you want to help test it on a recent nightly you can toggle the devtools.webide.enabled preference in about:config. The WebIDE is available today under Tools>Web Developer>App Manager and will be renamed in tomorrow’s Nightly into WebIDE. If you’ve been following our Developer Tools series on the Mozilla Hacks blog, you’ve seen the developer tools evolve from pure inspection to a debugging environment both for web sites and apps on desktop and mobile. Today we want to introduce you to the next step of evolution: adding in-browser editing features across…

    Didier Stevens

  • Update: Stoned Bitcoin

    Didier Stevens
    29 Jun 2014 | 5:04 pm
    kurt wismer pointed me to this post on pastebin after he read my Stoned Bitcoin blogpost. The author of this pastebin post works out a method to spam the Bitcoin blockchain to cause anti-virus (false) positives. I scanned through all the Bitcoin transactions (until 24/06/2014) for the addresses listed in this pastebin post (the addresses represent antivirus signatures for 400+ malwares). All these “malicious” Bitcoin addresses, designed to generate anti-virus false positives,  have been exclusively used in the 8 Bitcoin transactions I mentioned in my previous post. The pastebin…
  • Stoned Bitcoin

    Didier Stevens
    23 Jun 2014 | 1:29 pm
    There are reports of anti-virus false positive detections of Bitcoin files. More precisely for the old Stoned computer virus. I found the smoking gun! These reports should not be dismissed as hoaxes. I’ve identified 2 Bitcoin transactions that contain byte sequences found in the Stoned computer virus. Here they are: f09904aaa4fa4a8ec7da06f5e3d318a9b6a218e1a215f9307416fbbadf5a1c8e fcf5cf9893a142897598edfc753bd6162e3638e138fc2feaf4a3477c0cfb65eb Both transactions appear in blocks dated 2014-04-04. The first transaction has byte sequences of the Stoned computer virus in the address of…
  • Wireshark-export

    Didier Stevens
    15 Jun 2014 | 5:37 pm
    Here is the 010 Editor script I developed to generate Wireshark hex dumps. Watch how to use it in my previous blogpost: “Packet Class: Wireshark – Import Hex Dump”. wireshark-export_v0_0_1.zip (https) MD5: B339EFD0898B6506CBEAAFCBCE08B3A6 SHA256: 557B39246FAC3BD91CE24EAD3DF07F8B68100778241393A26C67A566756C404B
  • Packet Class: Wireshark – Import Hex Dump

    Didier Stevens
    10 Jun 2014 | 1:34 pm
    During my “Packet Class: Wireshark” training, we do an exercise on importing a hex dump in Wireshark. I recently created a 010 Editor script to help with the creation of hex dumps for Wireshark. This video shows its usage:

    CERIAS Combined Feed

  • Videos from the 15th Annual CERIAS Symposium

    Gene Spafford
    11 Jul 2014 | 1:30 pm
    We are now releasing videos of our sessions at this year’s CERIAS Symposium from late March. We had a fascinating session with David Medine, chair of the PCLOB discussing privacy and government surveillance with Mark Rasch, currently the CPO for SAIC. If you are interested in the issues of security, counterterrorism, privacy, and/or government surveillance, you will probably find this interesting: https://www.youtube.com/watch?v=kHO7F8XjvrI We are also making available videos of some of our other speakers — Amy Hess, Exec. Deputy Director of the FBI; George Kurtz, President & CEO of…
  • Update on “Patching is Not Security”

    Gene Spafford
    9 Jul 2014 | 12:09 pm
    A few weeks ago, I wrote a post entitled “Patching Is Not Security.” Among other elements, I described a bug in some Linksys routers that was not patched and was supporting the Moon worm. Today, I received word that the same unpatched flaw in the router is being used to support DDOS attacks. These are not likely to be seen by the owners/operators of the routers because all the traffic involved is external to their networks — it is outbound from the router and is therefore “invisible” to most tools. About all they might see is some slowdown in their connectivity. Here’s some of the…
  • Why We Don’t Have Secure Systems Yet, Introduction

    Gene Spafford
    7 Jul 2014 | 10:32 am
    Over the past couple of months I’ve been giving an evolving talk on why we don’t yet have secure systems, despite over 50 years of work in the field. I first gave this at an NSF futures workshop, and will give it a few more times this summer and fall. As I was last reviewing my notes, it occurred to me that many of the themes I’ve spoken about have been included in past posts here in the blog, and are things I’ve been talking about for nearly my entire career. It’s disappointing how little progress I’ve seen on so many fronts. The products on the market, and the “experts” who…
  • CERTs, Security Patches And Sloppy Design

    CERIAS Webmaster
    25 Jun 2014 | 6:02 am
    When will we reach the tipping point? Spafford has this to offer, “If we keep patching, the system will collapse under the weight of all those patches.” More information »
  • PhD Candidate Recognized for Homeland Security Investigation Accomplishments

    CERIAS Webmaster
    11 Jun 2014 | 6:19 am
    U.S. Homeland Security Investigations (HSI) recently recognized Rachel Sitarz, a CERIAS PhD Candidate in Cyber Forensics, for her efforts in support of a nationally coordinated investigation in 2012. The HSI Executive Associate Director’s Annual Awards Program recognized the Chicago Office for “Outstanding Investigative Accomplishments - Immigration Fraud” in “Operation Island Express”. The investigation targeted a transnational document trafficking organization based in Puerto Rico. The trafficking organization sold the identities of Puerto Rican U.S. citizens and corresponding…

    Security Intelligence

  • Is Password Protection Really Enough?

    Fran Howarth
    21 Jul 2014 | 7:04 am
    The recently-released 2014 BYOD and Mobile Security Spotlight Report from the LinkedIn Information Security group, sponsored by IBM, sheds light on the current state of the bring-your-own-device (BYOD) trend among organizations. As might be expected, security is considered an issue by many organizations, but the majority of them are relying on password protection alone to protect their data. Is that really enough? Personal devices are widely used at 45 percent of organizations (albeit not always with the support of the organization) and in limited use at a further 26 percent, the report…
  • Bootkits: Deep Dive Into Persistence Mechanisms Used by Bootkits at HOPE X Conference

    x-force-research
    18 Jul 2014 | 8:19 am
    I’ll be speaking at the HOPE X conference on Sunday, June 20, in New York City, providing an in-depth look at the persistence mechanisms used by bootkits. Bootkits are malware that infect a system below the level of the kernel, typically the system firmware. Basic Input/Output System (BIOS) is firmware that boots older machines. Unified Extensible Firmware Interface (UEFI) is a combination of firmware and a boot-loader that boots newer machines. In the wild, BIOS infection goes all the way back to the original Stoned virus from 1987 and the CIH/Chernobyl virus, which dates to the…
  • IT Systems and Security: Building Networks of Trust

    Rick M Robinson
    17 Jul 2014 | 8:14 am
    In the world of IT systems, a little mistrust can sometimes be a good thing. As you read this, a busy executive is glancing at her email inbox. A message from a longtime colleague has a link to an interesting-sounding study — but something doesn’t feel quite right. The email seems vaguely generic, without the personal tone she’d expect from an old friend. When she checks the return address, it doesn’t match the colleague’s email. Instead of clicking on the link, she deletes the email, thus protecting herself and her company from a spear-phishing cyber attack.
  • State of BYOD and Mobile Security Report: Latest Insights, Trends and Stats

    Yishay Yovel
    16 Jul 2014 | 10:34 am
    The Information Security LinkedIn group released a new survey from its 200,000-member community on the state of bring-your-own-device (BYOD) and mobile security initiatives in their enterprises. We provide our take on some of the findings from this comprehensive survey‘s 1,100 responses. To BYOD or Not? According to the survey, over 60 percent of enterprises allow or tolerate employee use of personal devices to access enterprise data. Only a small minority of enterprises, 11 percent, have no plans to allow such usage. Enterprises that allow BYOD expect the primary benefits to be…
  • The Single Most Important Focus for Today’s CISO? The R-Word

    Derek Brink
    16 Jul 2014 | 8:04 am
    Quick — what’s the single most important focus for today’s chief information security officer (CISO)? This was the first of seven questions raised on the topic of the role of today’s CISOs in a recent Twitter chat hosted by the IBM Security team. Before you respond, be careful: This is not the same question as, “What’s keeping today’s CISOs up at night?” nor, “What security initiatives are being given the highest priority by today’s CISOs?” An Existential Question for Today’s CISO No, the word “focus” means the…

    blog.hotspotshield.com

  • Two New Virtual Locations Added for Hotspot Shield – Germany & Canada

    Peter Nguyen
    20 Jul 2014 | 11:03 pm
    Anchorfree has recently added servers in Canada and Germany to create virtual locations in these countries. We now have virtual locations in 6 countries: USA, Japan, United Kingdom, Australia, Canada and Germany. The addition of these 2 new virtual locations means you have access to a larger pool of VPN servers and IP addresses, giving you the fastest connections possible wherever you are. So, If you are living in Canada or Germany, you now can enjoy faster connections to access blocked content, protect your privacy, and secure your Internet communications. Benefits for Expats If you are a…
  • Could License Plate Recognition Databases Infringe on Your Privacy?

    Peter Nguyen
    8 Jul 2014 | 12:04 am
    Our ability to collect, store, and search data has increased at an alarming rate over the past decade thanks to our ability to digitize information. Debates over privacy have cropped up as… an effort to prevent terrorism. And now, an additional debate about privacy has arisen as the Department of Homeland Security has advocated a national license plate database that will incorporate license plate image data to assist law enforcement. Is this collection infringing on privacy rights? And should the data be available to private companies, particularly those that aid in the collection of such data…
  • 5 Terrifying Ramifications of Medical Identity Theft

    Peter Nguyen
    2 Jul 2014 | 12:13 am
    Last year, nearly two million Americans became a victim of medical identity theft, 32 percent more than the year before. Today, medical identity theft accounts for 43 percent of all identity theft in the United States, and cases are rising faster than any other type of identity theft. Medical identity theft occurs when someone uses another person’s name and other personal attributes to fraudulently receive medical products or services, including prescription drugs and insurance reimbursements. As this crime becomes increasingly more common, it’s important to consider some of its…
  • Facebook Security for Parents and Teens

    Robert Siciliano
    27 Jun 2014 | 9:17 am
    Facebook offers a hefty amount of security measures that parents and teens should know about. The Login Social authentication – A hacker will have a harder time hacking into your Facebook account if he or she must identify your friends via photos – This verification process is social authentication, and it’s easier to use than having to remember another password. ID verification – A new user must create a security question with an answer. An extra layer of security is achieved when the user adds their smartphone number so they can receive a text message with a code.
  • Using Modern Tech to Catch Cyberbullies

    Peter Nguyen
    23 Jun 2014 | 11:39 pm
    If your child has ever been bullied, then you already know how much pain it causes, especially when the bullying goes from the classroom to the Internet. Online identities give users a certain level of anonymity when it comes to cyberbullying, but parents and law enforcement are using the very technology bullies abuse to catch the cyber-tormentors in the act. With digital detective work in mind, here are a number of ways modern tech is putting an end to cyberbullying. Look for Signs of Bullying Cyberbullying can take on many forms, such as harassment and humiliation, so it’s important…

    Blog - CloudEntr | Single Sign On | Password Manager

  • An Enlightened Approach to Password Security: Getting Beyond 8 Characters

    Macey Morrison
    9 Jul 2014 | 6:00 am
    Security pros know that a user name and password pair isn’t the most secure method of logging into your business’s sites and apps – just wait a news cycle and you’re sure to hear about another breach where a company’s passwords have been exposed. But for the time being passwords are still the de facto way that we access our business applications and websites on a daily basis. And as a result we’ve all run into – or had to enforce – those annoying rules for creating strong passwords: at least 8 characters; mix of uppercase and lowercase letters; must include at least one number; must…
  • New Feature Release: More from Two-factor Authentication

    Ella Segura
    23 May 2014 | 4:17 am
    Ella Segura serves as the Product Manager for CloudEntr, guiding the product road map and all new features and developments. Businesses want assurance that their data and resources are safe, and it’s no secret that passwords are not cutting it anymore. Let’s be honest, they are the weakest link in the security chain. And why is that? Well, it’s mostly attributed to the “something you know” piece of the authentication equation AKA the human element. Strong password habits are clear: use uncommon and nonsensical character combinations, the longer the better, avoid common phrases and…
  • SaaS Apps Accelerating an Identity & Access Management Evolution to the Cloud [Report]

    Macey Morrison
    5 May 2014 | 11:58 am
    Whether you’re a small business owner or the head of an IT department, you know that today your business’s goals drive IT in your organization and for the majority of you that means cloud has been a tactic in executing your strategy. A tactic often used to reduce cost, promote mobility, offer a better delivery model to customers, or even outsource expertise to the software professionals with the know-how in the right industry. But with the cloud came new security risks, and a need for a new level of security to accomplish or better yet preserve business goals. Today, best practice…
  • New Feature Release: One-Click Usability

    Ella Segura
    21 Apr 2014 | 6:00 am
    Ella Segura serves as the Product Manager for CloudEntr, guiding the product road map and all new features and developments. Navigation Now Even More Convenient with CloudEntr Two months ago, we released our updated UI focusing on extending the convenience and usability of our product for their day-to-day activities. Why did we do this? The same reason Gemalto released CloudEntr back in December, a major pain point for businesses, IT, and security professionals is to a large extent their existing security solutions and policies simply aren’t usable for their employees nor do they fit…
  • 96 Hours Later, What Does Heartbleed Mean for Your Business?

    Macey Morrison
    11 Apr 2014 | 8:46 am
    The dust is settling on what has been an explosive week in digital security. Just 96 hours ago, Codenomicon and researchers at Google announced they had uncovered a major security threat affecting more than 66% of the web. Making CVE-2014-0160, or what they have nicknamed the Heartbleed Bug, is one of the largest security threats the World Wide Web has ever seen since it was developed in the early 90’s. Now that some time has passed on the issue, we wanted to take the opportunity to expand on Wednesday's post, reassuring our customers and partners we were in the ~36% of the web and not…

    Quotium

  • Some key (yet funny) terminologies in AGILE Scrum

    Quotium Research Center
    18 Jul 2014 | 3:03 am
    Agile has been the buzz word of the industry for 4-5 years now. It has turned around many businesses. It has not just drastically changed the cost side of the profitability tree but also improved upon the revenue side by shipping better products. Agile practitioners are no longer willing to even talk about the traditional […] The post Some key (yet funny) terminologies in AGILE Scrum appeared first on www.quotium.com
  • Leading the KANBAN way!!!

    Quotium Research Center
    18 Jul 2014 | 1:47 am
    What is Kanban? KANBAN is a Toyota principle and literally means ‘Signboard’ in Japanese. Kanban advocates continuous improvement and emphasizes making everyone get an explicit and clear idea of the entire process. It advocates minimum work in progress inventory and just in time production. This allows teams to bring continuous improvement in their operations […] The post Leading the KANBAN way!!! appeared first on www.quotium.com
  • DSDM Project Lifecycle

    Quotium Research Center
    18 Jul 2014 | 1:34 am
    A DSDM project consists of three key phases – Pre project phase Project lifecycle phase and Post project phase Pre project phase: In the pre project discussions happen at super management level wherein the business problems are identified, applications (to be built) are decided, these applications are prioritized, budget is allocated for the same and […] The post DSDM Project Lifecycle appeared first on www.quotium.com
  • Core principles and properties in KANBAN explained!

    Quotium Research Center
    18 Jul 2014 | 1:15 am
    Kanban derives its name from the Toyota principles of Lean and JIT production process. Some of Toyota’s key principles made it one of the market leaders in low cost production and helped them become industry leader in setting up many practices that others in the industry tried to follow. Kanban as in software development methodology […] The post Core principles and properties in KANBAN explained! appeared first on www.quotium.com
  • Data driven testing – DDT

    Quotium Research Center
    17 Jul 2014 | 3:20 am
    What is Data Driven testing? Applications have become very data dependent. A user, while accessing a site, needs to enter a lot of data items, which means a lot of input items. And each input item can have thousands of different types of words or keys. It is thus necessary to reproduce the […] The post Data driven testing – DDT appeared first on www.quotium.com