#security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

What's New

Heartbleed? That’s nothing. Here comes Microsoft SChannel!

The amount of hype around the so-called “Heartbleed” vulnerability in the open-source cryptographic library OpenSSL was not really justified. Yes, many servers were affected, but the vulnerability was quickly patched, and it was only an information disclosure vulnerability: it could not be used to break into the servers directly. Now we have the Microsoft Secure Channel library ...

Read More

Visualization of world’s largest data breaches

I stumbled upon a very interesting infographic that portrays some of the world’s biggest data breaches in a running bubble diagram. Entertaining, and potentially useful in presentations. Have a look.

Read More

Crypto Wars 2.0: Let the Trolling Commence (and don’t trust your phone)

An excellent article by Sven Tuerpe argues that we pay excessive attention to the problems of encryption and insufficient attention to the problems of system security. I wholeheartedly agree with that statement. Read the original article: Crypto Wars 2.0: Let the Trolling Commence (and don’t trust your phone). Security cannot be based solely on the ...

Read More

Facebook “joins” Tor – good-bye, privacy!

Multiple publications are touting Facebook’s announcement of a Tor-enabled version of the social networking website as nothing short of a breakthrough for anonymous access from “repressed nations”. They think that people around the world who wish their identity and activity online to remain hidden will now have a great time using ...

Read More

Three roads to product security

I mentioned previously that there are three ways to secure a product from the point of view of a company that manufactures products. Here is a slightly more detailed explanation. This is my personal approach to classifying product security and you do not have to stick to it, but I find it useful when creating or ...

Read More

Secure the future – have a change of mind!

The future of the enterprise can be secured provided that it is properly organized and operated with a full understanding of its economics. The current concentration on “profit here and now” is extremely harmful to the survival of the world economy as a whole and of each individual enterprise in particular. Why is that? There ...

Read More

More on WordPress xmlrpc denial of service attacks

Attacks on WordPress through the xmlrpc.php service are rather common. I already mentioned that you can filter out unwanted user-agents using Apache's redirect capability. That, however, takes care only of the obvious cases, where you can see that a particular user-agent could not possibly belong to one of your readers. What do we do if the user-agent ...

Read More

Dark alleys of cybersecurity

The security of the so-called “cyberspace” has deteriorated beyond belief. Some people tell me that my stories are far-fetched and that I view the security and computer industry with some sort of a depressing negativism. I disagree. The problem is, I am trying to stay positive and optimistic. My tales rarely go to the full ...

Read More

Strategy towards more IT security: the road paved with misconceptions

The strategy towards more IT security in the “Internet of Things” is based a little more than entirely on misconceptions and ignorance. The policy makers simply reinforce each other’s “ideas” without any awareness of where the road they follow is leading. As I listened in at the K-ITS 2014 conference, it became painfully obvious that ...

Read More

Mitigating Denial of Service attacks to WordPress xmlrpc

I have attracted attention, apparently. My website has been under a Distributed Denial of Service (DDoS) attack by a botnet for the last week. I am flattered, of course, but I could live without a DDoS, frankly. The requests go to xmlrpc.php every second or two, each from a different IP address from around the world: POST ...

Read More
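Both xmlrpc.php posts above describe the same mitigation problem: the obvious bots can be refused by user-agent with Apache's rewrite rules, but a botnet that sends a POST to xmlrpc.php every second or two from a different IP address each time needs another signal. The script below is an added example, not code from the original posts. It parses a few constructed Apache combined-log lines, keeps only POSTs to xmlrpc.php, measures the mean interval between them, and flags any user-agent string that arrives from many different source addresses: one user-agent shared by many IPs is the botnet fingerprint whether or not the string looks like a real browser. It also emits a mod_rewrite fragment that returns 403 for a flagged user-agent. The threshold of three addresses, the sample addresses and the user-agent strings are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache "combined" log format (assumption: not taken
# from the original posts). Four POSTs share one user-agent across four addresses;
# one POST is a plausible WordPress pingback from a single host.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Nov/2014:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [10/Nov/2014:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.33 - - [10/Nov/2014:10:00:03 +0000] "GET /2014/11/heartbleed-schannel/ HTTP/1.1" 200 15234 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/33.0"
203.0.113.11 - - [10/Nov/2014:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.33 - - [10/Nov/2014:10:00:06 +0000] "POST /xmlrpc.php?rsd HTTP/1.1" 200 405 "-" "WordPress/4.0; http://example.net"
203.0.113.12 - - [10/Nov/2014:10:00:07 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

# Combined log format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['time'] = datetime.strptime(rec['time'], '%d/%b/%Y:%H:%M:%S %z')
    rec['path'] = rec['path'].split('?', 1)[0]  # drop any query string
    return rec


def xmlrpc_posts(log_text):
    """All POST requests to /xmlrpc.php, in log order."""
    recs = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [r for r in recs if r and r['method'] == 'POST' and r['path'] == '/xmlrpc.php']


def mean_interval_seconds(records):
    """Mean gap between consecutive xmlrpc POSTs; None if fewer than two."""
    if len(records) < 2:
        return None
    span = (records[-1]['time'] - records[0]['time']).total_seconds()
    return span / (len(records) - 1)


def suspicious_user_agents(records, min_ips=3):
    """User-agents seen on xmlrpc POSTs from at least min_ips distinct addresses.

    Returns {ua: (request_count, distinct_ip_count)}. The threshold is an assumption;
    tune it to the traffic of the site.
    """
    ips = defaultdict(set)
    counts = defaultdict(int)
    for r in records:
        ips[r['ua']].add(r['ip'])
        counts[r['ua']] += 1
    return {ua: (counts[ua], len(ips[ua])) for ua in ips if len(ips[ua]) >= min_ips}


_APACHE_RE_META = '\\.^$*+?()[]{}|'


def apache_ua_block_rule(user_agent):
    """mod_rewrite fragment returning 403 for POSTs to xmlrpc.php with this user-agent."""
    escaped = ''.join('\\' + c if c in _APACHE_RE_META else c for c in user_agent)
    return '\n'.join([
        'RewriteEngine On',
        'RewriteCond %{REQUEST_METHOD} ^POST$',
        'RewriteCond %{REQUEST_URI} ^/xmlrpc\\.php$',
        'RewriteCond %{HTTP_USER_AGENT} "^' + escaped + '$"',
        'RewriteRule .* - [F,L]',
    ])


if __name__ == '__main__':
    posts = xmlrpc_posts(SAMPLE_LOG)
    print(f'{len(posts)} xmlrpc POSTs, mean interval {mean_interval_seconds(posts):.1f}s')
    for ua, (n, ip_count) in suspicious_user_agents(posts).items():
        print(f'{n} requests from {ip_count} addresses: {ua}')
        print(apache_ua_block_rule(ua))
```

On the sample input the script reports five xmlrpc POSTs at a mean interval of 1.5 seconds and flags the MSIE 6 user-agent (four requests from four addresses) while leaving the single-host WordPress pingback alone; the emitted rewrite rule blocks only that exact user-agent on xmlrpc.php, so ordinary page views from the same string still pass. Blocking by user-agent remains a stopgap, since a botnet that rotates user-agents defeats it; the per-address request rate is the next signal to add.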