Tag Archives: Security

Open Source Security Validation Plug-in [Cool!]

WhiteSource’s New Selection Tool Helps Developers Choose Better Open Source Components

OS X and iOS Unauthorized Cross Application Resource Access (XARA)

This is about rouge apps that preset the environment that other mass used apps will need once activated. Those rouge apps can later hook to those resources, having unauthorized access due to the fact they initiated the creation of the place holder for those resources.

The iOS sandbox protection mechanism can’t yet block this vulnerability.

This becomes very unsettling if you consider your iOS and OSx keychain password store can be exposed as well…

Read more on how this works and how to mitigate the risk. Basically avoid installing apps from

https://isc.sans.edu/diary/OS+X+and+iOS+Unauthorized+Cross+Application+Resource+Access+%28XARA%29/19815

IBM, Facebook and others unlock Threat data for the sake of humanity..

Check this out…

http://www.owler.com/iaApp/article/553003cfe4b0d169951431b0.htm

IBM and Facebook as well as others are starting to contribute to a massive big data based repository of threat related information.

I had an internal startup for some time that was targeting security as well as general operational data to point to trends that need attention such as disk series that are reaching failure points, apps that suddenly morph and such.

Another topic was cleansing the data from any personal or internal information by tokenizing it.

I stopped this startup since I got to meet someone who was doing the same and pointed to the fact that there’s already enough data on one hand (and now per this post we have got much more of that) and on the other hand companies would agree to share cleansed data but would not be able to do it due to regulations that take time to defuse.

In any case you have now lots of data too sip through if you are a hungry Data scientist…

Doing lots of encryption? Make sure your hardware and software uses AES-NI

While this may be an old news for you, I still see cases where it is overlooked. Intel’s processors supporting AES-NI standard can boost your encrypted data processes if the software you use utilizes the 7 processor encryption related built-in instruction set. It also includes DRNG (Dynamic Random Number Generator). So IT Managers want to make sure any server they have doing lots of encryption, has those new processors, while developers should make sure they use the AES-NI libraries for the encryption related code they create. Click here for info on AES-NI processors, software toosl and more.