• #security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

What's New

Cheap security in real life?

Security concerns are on the rise and companies are beginning to worry about the software they use. I again received a question that deserves an answer for all the people and all the companies out there, because this is a situation that happens often nowadays. So here is my answer to the question, which can be formulated ...

They never learn password security: Domino Pizza

The France and Belgium Domino Pizza password database was stolen by the hackers of Rex Mundi. They demand a 30,000 euro payment to avoid disclosure. Well, Domino Pizza went to the police, so the 592,000 French and 58,000 Belgian customer records will be in the open tonight. What is interesting, though? This is 2014. Do you know what ...

TrueCrypt disappears

Quite abruptly, the TrueCrypt disk encryption tool is no more. The announcement says that the tool is no longer secure and should not be used. The website provides a heavily modified version of TrueCrypt (7.2) that allows one to decrypt the data and export it from a TrueCrypt volume. Many questions are asked around what ...

Over-engineering

Causes of security problems are legion. One of the most pertinent problems in software development is called “over-engineering”: the creation of an over-complicated design or over-complicated code that is not justified by the complexity of the task at hand. Often it comes as a result of the designer’s desire to show off, to demonstrate knowledge of all ...

Software Security vs. Food Safety

My friend works in a large restaurant chain in St-Petersburg. She is pretty high up in the command after all these years. We talk about all sorts of things when we meet up and once she told me about how they have to deal with safety and quality inspections and how bothersome and expensive they ...

Fraud Botnet Controls Sales Terminals

Ah, the humanity. ArsTechnica reports that researchers came across a proper botnet that controls 31 Point Of Sale (POS) servers with an unknown number of actual sales terminals connected to them. The botnet is operational, i.e., it is running and collecting credit card data. The data is transmitted during idle times in an encrypted ...

Camera and microphone attack on smartphones

Researchers at the University of Cambridge have published a paper titled “PIN Skimmer: Inferring PINs Through The Camera and Microphone” describing a new approach to recovering PIN codes entered on a mobile on-screen keyboard. We had seen applications use the accelerometer and gyroscope before to infer the buttons pressed. This time, they use the ...

Can I interest you in more security, sir?

Last week’s meeting of the IETF discussed the security of the Internet and the recent revelations that the NSA turned the Internet into a giant surveillance machine. While the sentiment was clear that the Internet should not allow itself to be subjected to such abuse, there is little evidence that anything at all could be done about it. ...

Guard your secrets

I have been meaning to write about the subject of spying and corporate information security for a while now but only got around to it today. The article Confessions of a Corporate Spy has provided an excellent background for the discussion and is absolutely worth a read. Twenty years ago corporate spying already abounded and ...

Google bots subversion

There is a lot of truth in the saying that every tool can be used for good and for evil. There is no point in blocking the tools themselves, as the attacker will turn to new tools and subvert the very familiar tools in unexpected ways. Now Google crawler bots have been turned into such a weapon ...
