Security. Convenience. Pick one! That is my forever mantra. Now we are finding out that when you log in to your favorite site using “Login with Facebook”, your data is exposed to third parties. Nice. According to research from “Freedom to Tinker” at Princeton, when a user logs in using Facebook’s API, JavaScript on the site […]
For those of you who have been reading my blog for some time, you know that I have written about the software supply chain security problem. In a nutshell, the problem is that programmers rarely write code from zero anymore. Instead, teams write pieces of code and integrate them. Then there is limited testing due […]
There is a term in the cyber security world called dwell time. Dwell time is the amount of time between when an attacker breaks in and when the good guys figure that out. In 2011 the average dwell time was over 400 days. According to a just-released Mandiant report, that number is now only […]
Google has an interesting strategy. Build prototypes of products. Show them or leak them. See if anyone cares. Kill them if they don’t work out, even after many users are already using them – there are lots of examples. One other thing that they do is attempt to lock users into the Google ecosystem. Of course. […]
Way back in the dark ages of 2013 the PCI Security Standards Council (PCI SSC) released a document regarding processing credit cards in the cloud. It was 52 pages. This month the PCI SSC released a new version of that same document. It is now 83 pages. This version seems to better understand the risk […]
It wasn’t so long ago that 4-digit passcodes were the norm. Now 6-digit passcodes are obsolete. GrayKey, the new kid on the block offering low-cost cracking of iPhones up to and including the iPhone X, requires users who are concerned about that to change their password habits. Pricing on GrayKey, supposedly, is […]