What app developers need to know about the DOJ’s formal request for encryption backdoors

When we text via Apple’s iMessage, WhatsApp, Signal, or a host of other messaging services, those messages are protected in ways communications across most other platforms are not. The reason is these select app developers use “end-to-end encryption” (or “E2EE”), which encrypts all messages before leaving the sender’s device and can only be decrypted by the recipient’s device. The only way to access and view these messages is by having the sender’s or recipient’s phone...

‘Missions’ teach secure code practices to all those new programmers

Secure Code Warrior has launched ‘Missions’ to help teach safe coding practices during a time when more people are learning to code than ever.

As we reported in September, one in four people used their extra time at home during the first COVID-19 lockdown to start coding. With second lockdowns now in many countries, it’s likely even more people have taken their first steps in programming.

While the world could always do with more coders, the pandemic has also...

Decentralised platform Ethereum is hiring a dedicated security team for 2.0

The Ethereum Foundation is hiring a dedicated security team to ensure the next version of the decentralised platform is as robust as it needs to be.

A lot of money relies on the security of Ethereum. The explosion in DeFi (decentralised finance) means there is now $4.3 billion "locked up" in Ethereum apps – an increase of 442% over the past three months. Yet, this is tiny compared to the figures we could be discussing in a few years as DeFi growth continues and more use cases...

Congress wants Apple and Google to clamp down on foreign apps

Congress is calling on Apple and Google to clamp down on apps that weren’t born in the USA (cue Springsteen).

Trump’s administration is currently mulling a complete ban of any Chinese software but, while that debate is ongoing, Congress wants the two largest mobile platform holders to begin clamping down on foreign apps in less radical ways.

The Congressional Committee on Oversight and Reform has sent two letters to the CEOs of Apple and Google to request they probe...

GitHub warns Java developers about malware infecting NetBeans projects

GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.

The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”

GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before...

Veracode: Open-source libraries cause security flaws in 70% of apps

Research from Veracode suggests that 70 percent of apps have security flaws due to their use of open-source libraries.

The application security firm set out to determine the risk one flawed library can pose to software. For its The State of Software Security (SOSS): Open Source Edition report, Veracode analysed 351,000 libraries across the Veracode platform database of 85,000 applications.

On an initial scan, 70 percent of applications were found to have a security flaw...