• #security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

news

Security Breach at Unique Vintage

There is news that women’s clothing website Unique Vintage has sent notifications to the customers that the site has been breached and the customer information was exposed. What is interesting is that the website is fully PCI compliant, i.e. it follows all rules for security set forth by the credit card industry. And still, it ...

Read More

In the news

I do not often want to comment the news so today is a special day. The first piece is an article on the popular subject of NSA Web Surveillance quoting some well-known people starts off on a good direction but gets derailed somehow into recommending obscurity for security. Strange as it is we really should ...

Read More

Ignoring security is not a good idea…

  I see that HTC got finally whacked over the head for the lack of security in their Android smartphones. I will have to contain myself here and will leave aside the inherent issues surrounding Android, its security and model of operation that will hurt … Ok, ok, I stop now. So, HTC got dragged ...

Read More

The art of unexpected

I am reading through the report of a Google vulnerability on The Reg and laughing. This is a wonderful demonstration of what the attackers do to your systems – they apply the unexpected. The story is always the same. When we build a system, we try to foresee the ways in which it will be ...

Read More

Supply chain: Huawei and ZTE

US House of Representatives published an interesting report about their concerns with Huawei and ZTE, large Chinese telecom equipment providers. The report states openly that there are concerns that the equipment, parts and software may be manipulated by the Chinese government agencies, or on their behalf, in order to conduct military, state and business intelligence. ...

Read More

SHA-3 is there!

NIST has announced the end of the Secure Hash Algorithm competition the day before yesterday, naming Keccak as the winner and making it the SHA-3 algorithm. The complete announcement from NIST is here. One thing of note is that since the algorithm was developed by STMicroelectronics and NXP Semiconductors, the algorithm is heavily optimized for ...

Read More

IEEE should be embarrassed

“The world’s largest professional association for the advancement of technology” has been thoroughly embarrassed in an accident where they left their log files containing user names and passwords open for FTP access to all on the Net for more than a month, according to a DarkReading report. Or, at least, I think they should be ...

Read More

Car software security

I stumbled across an article on car software viruses. I did not see anything unexpected really. The experts “hope” to get it all fixed before the word gets out and things start getting messy. Which tells us that things are in a pretty bad shape right now. The funny thing is though that the academic ...

Read More

Google on privacy

Google has been fined $22.5 million for breaching its privacy commitment and bypassing Apple’s Safari users security settings. As the article in Mercury News comments, citing Consumer Watchdog, “the commission has allowed Google to buy its way out of trouble for an amount that probably is less than the company spends on lunches for its ...

Read More

News: Website and app security tips

TechRepublic has an interesting article “Website and app security tips for software developers” that talks in a very short space about a whole bunch of things, from the “shelf life of software developers” to the advice on security for the website developer. It provides in particular an interesting insight into why a person thoroughly familiar ...

Read More
Copyright © Holy Hash! All Rights Reserved.