Monday, 8 November 2010

Securing Your Android Phone

Very informative article on securing Android phones from the front end and back end. Google is also working its security issues internally. Nice to see companies taking such an active interest in security.

Posted by jherrington at 11:39 AM in News

Tuesday, 26 October 2010

Facebook's One Time Password

I'm not passing judgement on Facebook's one-time password system. Not because I don't care about it, I just don't know enough about that technique. So what's the consensus on it? Going too far and potentially messing folks up even though it's more secure? Falling short of the mark and not adding any real security? Or did it hit the mark just right? Let me know at jherrington at fortify dot com.

Posted by jherrington at 10:36 AM in News

Monday, 25 October 2010

Interesting news of late

Some interesting security news stories out in the past couple of weeks/days:

I apologize for not blogging as much in the past few weeks. Things have been pretty busy around here with the pending new release. Additionally we are doing a lot of hiring, and also looking to do that Fortify Camp sometime next year. If you have any leads or ideas in any of those areas please contact me at jherrington at fortify dot com.

Posted by jherrington at 9:34 AM in News

Wednesday, 13 October 2010

Awareness of Awareness

October is National Cyber Security Awareness Month! I didn't know. Every month is Cybersecurity Awareness Month as far as I'm concerned. Do not relegate your application security concerns to this 31-day span. Attackers practice incessantly; we too must show constant vigilance.

Posted by ssundar at 8:51 AM in News

Monday, 11 October 2010

Why I'm Glad I Don't Work In The Military

Wired has an amazing chart of the 163 security regs that military folks have to get through before they can make IT changes. Wow.

Posted by jherrington at 3:19 PM in News

Monday, 4 October 2010

More on Stuxnet

Another cool article on the Stuxnet worm, how it was designed and how it spread beyond its intended limits.

Posted by jherrington at 10:48 AM in News

Tuesday, 28 September 2010

You Don't Have to Be A Genius to Work Here, But It Helps

The MacArthur Foundation announced its 2010 grant recipients. These fellowships are popularly known as Genius Awards, though no recipient would refer to herself as such. Such luminaries as author David Foster Wallace and mathematician Terence Tao have won this award.

This year the MacArthur Foundation recognized Dawn Song, Computer Security Specialist. As Computer Security Specialists ourselves, we at Fortify are thrilled to see one of our own lauded in this way. Congratulations Professor Dawn Song!

This is the first time in the MacArthur Fellowship's thirty-year history that a recipient's area of principal focus is computer security. This certainly testifies to the prolific Prof. Song and the quality of her work. It speaks highly also to the maturity and importance of this field. Let us ride the swell of Dr. Song's recent award to develop and share good security practices.

Posted by ssundar at 2:31 PM in News

Internal Security Threats

Fascinating article on internal security threats specifically around the theft of intellectual property. Well worth the read.

Posted by jherrington at 11:36 AM in News

Wednesday, 22 September 2010

Stuxnet - Going from virtual attacks to physical

Amazing article on Stuxnet, a piece of malware so complex that it's taken four months just to decipher its purpose. Which turns out to be... attacking an Iranian nuclear power plant. So this piece of malware operating in the virtual world is intended to destroy a physical plant in the real world. Methinks we will be seeing more of this type of thing.

Posted by jherrington at 9:42 AM in News

Tuesday, 21 September 2010

Gartner Mobile Commerce Findings

Gartner has come out with some findings in the mobile commerce security space. Long story short: not unexpectedly, security tools have lagged behind mobile e-commerce development. Definitely some room for improvement. Though one has to wonder how long the distinction between mobile device and computer will last, as there is increasingly little difference between the two.

Posted by jherrington at 9:52 AM in News