720-891-1663

OpenSSL: Here We Go Again

UPDATE:  The details are out.  The issue is that under certain circumstances, a hacker could get OpenSSL to accept an HTTPS certificate that is fraudulent.  This does not affect the major browsers, but rather the second and third tier software that uses SSL behind the scenes.  Likely, you don’t even know all the places that […]

Continue reading → [DISPLAY_ACURAX_ICONS]

A Lesson From The Bitstamp Bitcoin Exchange Breach

Bitstamp, a European bitcoin exchange, suffered a breach on January 4th of this year.  According to a breach report apparently prepared for Bitstamp, the breach was a result of a determined adversary and a very typical but rookie mistake on the part of a Bitstamp administrator. The breach cost Bitstamp 18,997 bitcoins worth a little over […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Why Patching Doesn’t Work – Using Apple As An Example

Apple released patches to fix a family of security flaws called Masque the other day in iOS release 8.4 .  Researchers then came up with a new variant of the flaw that the patch doesn’t fix.  Apple had fixed earlier variants of the Masque attack in iOS 8.1.3 , Anyone see a theme here.  Unfortunately, […]

Continue reading → [DISPLAY_ACURAX_ICONS]

The Gov Isn’t Very Good At Fixing Software

According to Veracode, the government isn’t very good at fixing software flaws.  In fact, of 7 vertical segments, they rank last.  The financial and manufacturing sectors do best at fixing vulnerabilities.  Healthcare organizations don’t do well and cloud vendors (SaaS) fail the OWASP top 10 almost 75% of the time.  Given this, it is not […]

Continue reading → [DISPLAY_ACURAX_ICONS]

State Department Has “Technological Systems Issues”

I guess that is their version of “Houston, we have a problem”.  The State Department posted a press release on their web site YESTERDAY that says that they have been having problems issuing visas and passports for two weeks.  The State Department usually issues about 50,000  visas a day.  Last week, they issued about 1,500 […]

Continue reading → [DISPLAY_ACURAX_ICONS]