The CERT Coordination Center at Carnegie Mellon University (CERT/CC) has published a list of popular Android applications that fail to properly validate SSL certificates, exposing users to man-in-the-middle (MitM) attacks.
Whether you’re buying a smart refrigerator for your home or a printer for your company, your first step is deciding the risk involved and how to deploy the device in a secure manner while preserving the functionality you require.
Vulnerabilities are a fact of life. Independent testing may be illegal without express permission, but that doesn’t stop code pillagers from sniffing out vulnerabilities and weaknesses in your web applications.
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Just as offices need to detect break-ins to keep criminals from committing industrial espionage, enterprises need to put more focus on detecting APTs and other advanced threats to keep adversaries from their network.
The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
In this podcast, Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, talks about the new Microsoft Cybercrime Center and the ongoing battle to stop the proliferation of botnets around the world.