What app developers need to know about the DOJ’s formal request for encryption backdoors

When we text via Apple’s iMessage, WhatsApp, Signal, or a host of other messaging services, those messages are protected in ways communications across most other platforms are not. The reason is that these select app developers use “end-to-end encryption” (or “E2EE”), which encrypts every message before it leaves the sender’s device so that only the recipient’s device can decrypt it. The only way to access and view these messages is by having the sender’s or recipient’s phone...

‘Missions’ teach secure code practices to all those new programmers

Secure Code Warrior has launched ‘Missions’ to help teach safe coding practices during a time when more people are learning to code than ever.

As we reported in September, one in four people used their extra time at home during the first COVID-19 lockdown to start coding. With second lockdowns now in many countries, it’s likely even more people have taken their first steps in programming.

While the world could always do with more coders, the pandemic has also...

Why you need honeypots in the cloud: A guide

IT threats such as cyberattacks, worms, viruses, and other digital threats are valid concerns for anyone who connects their systems to the internet.

Businesses that operate digitally - in other words, using the cloud - are especially vulnerable to a variety of cyber threats; some of them not yet known even to security companies.

Security mechanisms such as honeypots can detect various types of attacks, whether it is a server, router, cloud, network, or...

How to ensure your security tools work with testing for security validation

Realising that your security systems have vulnerabilities after a cyber-attack could significantly damage both your company’s reputation and profit. If your organisation or company is online and digital, security systems might be in place, but you might not be sure they truly work.

A good security validation approach is based on testing current cybersecurity with tools that can save your company from major financial losses and data leakage.

Is your business likely to be a...

Decentralised platform Ethereum is hiring a dedicated security team for 2.0

The Ethereum Foundation is hiring a dedicated security team to ensure the next version of the decentralised platform is as robust as it needs to be.

A lot of money relies on the security of Ethereum. The explosion in DeFi (decentralised finance) means there is now $4.3 billion "locked up" in Ethereum apps – an increase of 442% over the past three months. Yet, this is tiny compared to the figures we could be discussing in a few years as DeFi growth continues and more use cases...

Congress wants Apple and Google to clamp down on foreign apps

Congress is calling on Apple and Google to clamp down on apps that weren’t born in the USA (cue Springsteen).

Trump’s administration is currently mulling a complete ban of any Chinese software but, while that debate is ongoing, Congress wants the two largest mobile platform holders to begin clamping down on foreign apps in less radical ways.

The Congressional Committee on Oversight and Reform has sent two letters to the CEOs of Apple and Google to request they probe...

GitHub warns Java developers about malware infecting NetBeans projects

GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.

The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”

GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before...

Veracode: Open-source libraries cause security flaws in 70% of apps

Research from Veracode suggests that 70 percent of apps have security flaws due to their use of open-source libraries.

The application security firm set out to determine the risk one flawed library can pose to software. For its report, The State of Software Security (SOSS): Open Source Edition, Veracode analysed 351,000 libraries across the Veracode platform database of 85,000 applications.

On an initial scan, 70 percent of applications were found to have a security flaw...

Safari soon won’t accept HTTPS certificates longer than 13 months

Apple announced during last week’s CA/Browser Forum that Safari will soon reject any HTTPS certificate whose validity period is longer than 13 months.

The CA/Browser Forum is a voluntary consortium that began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to web users about the sites they visit.

HTTPS certificates, using TLS encryption, help to ensure the sites a user visits are safe and legitimate....

Linux Foundation and LISH publish latest open-source census with suggestions to boost security

The latest open-source census has been published by the Linux Foundation and Laboratory for Innovation Science at Harvard University (LISH) with some interesting observations.

Now in its second edition, the census examines the current state of open-source software. The latest report, catchily titled “Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software,” focuses on common Free and Open Source Software (FOSS) used in production...