Cupertino Code Signing, The Next Generation (Maybe It'll Work)

Via Josh Pitts (a staff engineer at Okta), writing on the company blog, comes a well-crafted explanatory piece on what he has discovered in the third-party-code-signing Apple Inc. (NasdaqGS: AAPL) ...

Facebookery: The Fourteen Million

News, via Dan Goodin, writing at Ars Technica, of an apparent dev team screwup at Facebook Inc. (Nasdaq: FB), in which the crack dev team at the purveyor of user data managed to ...
DREAD, The Pirate Approach

Via the inimitable Adam Shostack (author of The New School of Information Security and Threat Modeling; a leader in the Threat Modeling arena), whilst writing at his fascinating blog, comes a sterling ...
Proof(s)

Kevin Hartnett, Senior Writer at Quanta Magazine, expounds on the notion of formal code verification when utilized to provide assurance of attack-proof code... Similar to unsinkable ocean liners, or truly attack-proof? Or, ...

Daniel Stori’s ‘Commitland’

via the inimitable and funny Daniel Stori at turnoff.us ...
Explained: SQL injection

SQL injection is one of the most common attacks against businesses, with a high rate of success. So what can you do to prevent them?
Not 'API With Browser Codebases?

Terrific bit of reportage by Richard Chirgwin, whilst writing at El Reg and detailing the so-called cost-benefit methodology explaining efforts underway to further protect browser bits; and, while you're at it, examine ...