2Q report by IBM X-Force, 23% of websites vulnerable.

CSRF or Cross Site Request forgery is the highest likely method of attack Broken Authentication is second And cross-site scripting(XSS) is third SQL Injection as well as security misconfigurations are also higher than 10% of he vulnerability types.   The IBM report at X-Force blog  recounts the challenges a web application scanner has as to … Read more

Apple beats estimates, what is this backdoor in iOS?

today Apple beat estimates:  Deadline.com  with 35.2 mil iPhones sold   threatpost  has the info about a “stream of data” on an iPhone It looks like Jonathan Zdziarksi, a forensic scientist  and at Twitter: @JZdziarski. found a backdoor in iOS, it is supposedly used by Apple for troubleshooting, diagnostics and enterprise.   Apple responded to … Read more

Another CC breach at Goodwill industries or not?

KrebsonSecurity has a good rundown on what we know so far. Basically there has been a breach, some CC companies are noticing bad traffic, and the US secret service is in on the act. July 17th  the first card companies were noticing suspicious traffic. There is no other information in the news reports Goodwill Industries … Read more

Excellent Security computing scientific papers collection

By Bradley Susser’s Blog bot24.blogspot.com  Science papers direct link I like Back to Basics  where the paper reviews our bad security model –  which used to work as networks were small and fixed computers on the inside protected from systems on the Internet.   Today our security model is where new devices get set up … Read more

Computer hacker pleads guilty on ATM fraud

CBS local in New York has an audio spot $14mil  in 2 days in 17 countries on 15000 ATM devices. Apparently JPMorgan Chase processed debit card transactions for the American Red Cross.   The hackers increased the withdrawal limits on the debit cards and then used the card information to withdraw money all over the … Read more