#security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

Albert Zenkoff Post list

CAST workshop on development security

We are holding our yearly security conference in Darmstadt on the 22nd of March – that’s next week – together with our partners from Fraunhofer SIT and CAST. This time, the focus subject will be DevOps and cloud technologies, including both operations and development preparation for the security in the cloud. The speakers are prepared ...


A company with an SQL injection name

Finally, someone has registered a company whose name is an SQL injection attack. We have seen car license plates doctored to execute SQL injection attacks, but this is the first time, I think, that someone has attempted to crash every business SQL database in a country. The company name is: ; DROP TABLE “COMPANIES”;– LTD ...


Don’t patch it, it’s fine?

I wrote back in 2013, in my article Brainwashing in security, about my shock at discovering that companies are now publicly calling for an end to investment in security and for not fixing security bugs. There, we witnessed the head of Adobe security, Brad Arkin, tell us that companies should not be wasting their precious ...


Data breach at LinkedIn

Apparently, there was a serious data breach at LinkedIn and many customer records were stolen, including “member email addresses, hashed passwords, and LinkedIn member IDs”. LinkedIn sent out a notification informing users that the passwords had been invalidated. What is interesting is that the notification included a cryptic remark that the break-in was “not new”. ...


Position yourself on Security Maturity Grid

I wrote up the Security Maturity Grid the way quality management is usually presented. The grid is a simple 5 x 6 matrix that shows the different stages of maturity of a company’s security management against six security management categories (management understanding of security, problem handling, cost of security, etc.). The lowest stage of maturity ...


Worst languages for software security

I was sent an article about the programming languages that generate the most security bugs in software today. The article seemed to refer to a report by Veracode, a company I know well, to discuss which software security problems are found in applications written in different languages. That is an excellent question and a very interesting ...


Backdoors in encryption products

After the recent terrorist attacks, governments are again pushing for more surveillance, and the old debate about the necessity of backdoors in encryption software raises its ugly head again. Leaving the surveillance question aside, let’s see what it means to introduce backdoors into programs and how they can be harmful, especially when ...


CAST Workshop “Secure Software Development”

We are organizing the workshop on “Secure Software Development” for the third year in a row. As usual, the workshop is in Darmstadt and the logistics are handled by CAST e.V. The date for the workshop is 12 November. This year most presentations seem to be in German, so probably it does ...


Windows 10: catching up to Google?

Windows 10 has turned out to be a very interesting update to the popular desktop operating system. Apparently, Microsoft envies Google for their success in spying on everyone and their dog through the Internet. Accordingly, Microsoft could not resist turning Windows into a mean spying machine. People were mightily surprised when all of the new ...


Continue the TrueCrypt discussion: Windows 10

I already pointed out previously that I do not see any alternative to TrueCrypt for encrypting data on disk. TrueCrypt is the only tool that we can more or less trust so far. You will probably remember that Bruce Schneier recommended using Windows encryption, BitLocker, instead of TrueCrypt, and I called that ...
