Very informative article on securing Android phones from the front end and back end. Google is also working it's security issues internally. Nice to see companies taking such an active interest in security.

I'm not passing judgement on Facebook's one-time password system. Not because I don't care about it, I just don't know enough about that technique. So what's the consensus on it? Going too far and potentially messing folks up even though it's more secure? Falling short of the mark and not providing adding any real security? Or did it hit the mark just right? Let me know at jherrington at fortify dot com.

Some interesting security news stories out in the past couple of weeks/days:

• The NSA just did a document dump. Looks like a lot of this stuff goes way, way back.
• NuCAPTCHA is going to try embedding the CAPTCHA text in a video. Certainly a novel approach.
• There is some news out that security jobs will be more in demand than ever as two out of three companies report successful hacks.

I apologize for not blogging as much in the past few weeks. Things have been pretty busy around here with the pending new release. Additionally we are doing a lot of hiring, and also looking to do that Fortify Camp sometime next year. If you have any leads or ideas in any of those areas please contact me at jherrington at fortify dot com.

Wired has an amazing chart of the 163 security regs that military folks have to get through before they can make IT changes. Wow.

Another cool article on the Stuxnet worm, how it was designed and how it spread beyond it's intended limits.

The MacArthur Foundation announced its 2010 grant recipients. These fellowships are popularly known as Genius Awards, though no recipient would refer to herself as such. Such luminaries as author David Foster Wallace and mathematician Terence Tao have won this award.

This year the MacArthur Foundation recognized Dawn Song, Computer Security Specialist. As Computer Security Specialists ourselves, we at Fortify are thrilled to see one of our own lauded in this way. Congratulations Professor Dawn Song!

This is the first time the the MacArthur Fellowship's thirty-year history that a recipient's area of principal focus is computer security. This certainly testifies to the prolific Prof. Song and the quality of her work. It speaks highly also to the maturity and importance of this field. Let us ride the swell of Dr. Song's recent award to develop and share good security practices.

Fascinating article on internal security threats specifically around the theft of intellectual property. Well worth the read.

Amazing article on Stuxnet, a piece of malware so complex that it's taken four months just to decipher it's purpose. Which turns out to be... attacking an Iranian nuclear power plant. So this piece of malware operating in the virtual world is intended to destroy a physical plant in the real world. Methinks we will be seeing more of this type of thing.

Gartner has come out with some findings in the mobile commerce security space. Long story short; not unexpectedly, security tools has lagged behind mobile e-commerce development. Definitely some room for improvement. Though one has to wonder how long the distinction between mobile device and computer as there is increasingly little difference between the two.