How Threat Modeling Helps Discover Security Vulnerabilities Application threat modeling can be used as an approach to secure software development, as it is a nice preventative measure for dealing with security issues, and mitigates the time and effort required to deal with vulnerabilities that may arise later throughout the application’s production life cycle. Unfortunately, it seems security has no place in

MINIX — The most popular OS in the world, thanks to Intel | Network World I did not know this earlier (I knew about another OS inside but did not know which it was): You might not know it, but inside your Intel system, you have an operating system running in addition to your main OS, MINIX. And it’s raising eyebrows and concerns.

Report Scores Cities to See if Technology Makes Them Safer – IEEE Spectrum  More and more people are migrating to cities. By 2030, 60 percent of the world’s population will live in an urban setting, according to the United Nations. How can these growing cities reduce conflicts, crime, violence, and terrorism? In a word: technology. 

Performing & Preventing SSL Stripping: A Plain-English Primer Article on SSL security. It is beyond doubt that it is simply not secure to blindly trust the medium that connects your users to the internet. HTTPS was created to allow HTTP traffic to be transmitted in encrypted form. This blog post presents a plain-English primer on how HTTPS protection can be stripped and

After quietly infecting a million devices, Reaper botnet set to be worse than Mirai | ZDNet A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now it’s on track to become one of the largest botnets recorded in recent years. The botnet, dubbed “Reaper” by researchers at Netlab 360, is said to have ensnared almost two million internet-connected webcams,

To Secure the Internet of Things, We Must Build It Out of “Patchable” Hardware – IEEE Spectrum  For several years now, the number of things connected to the Internet—including phones, smart watches, fitness trackers, home thermostats, and various sensors—has exceeded the human population.   For the most part, this development promises great excitement and opportunity for engineers and society at large. But there is a dark cloud hanging over the IoT: the

Millions of high-security crypto keys crippled by newly discovered flaw | Ars Technica  A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers. The weakness allows attackers to calculate the private portion of any vulnerable key

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping | Ars Technica An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop on Wi-Fi traffic passing between computers and access points. There is a proof-of-concept exploit called KRACK, short for Key Reinstallation Attacks. KRACK

Troy Hunt: What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?  So how would warning labels on IoT devices that have had serious security vulnerabilities look?   Hilarious and also so needed. “Intrusions can occur anywhere”…  Or maybe it doesn’t need to be tech/legalspeak. WARNING! This connects to the INTERNET and BAD THINGS may happen!


Numerous companies have shamed themselves by posting their sensitive data and encryption keys to the public cloud without any protection, where cyber criminals and security researchers find them. What better way is there to put a bad dent in the “professional” cover of a data security consulting company than doing exactly this? And yet those companies