This is a software security blog. I am starting it mainly because something has to be done. The recent break-ins at the likes of LinkedIn and Yahoo show that even at large companies, people do not understand the basics of security. Looking at what is proposed and advised under the guise of security to people starting out to write their own web applications, I understand that they are not far behind. Should their applications become famous, they will be broken just as easily. There needs to be a place to discuss even the most basic things, so people do not keep making the same mistakes over and over again… as if it were bloody Groundhog Day. My task, as I see it, is to convince you to use security measures such that it becomes cheaper for the attacker to break into your house than to attack your computer through the software. Once we are at that point, you start looking into the well-understood world of physical security and my task is done. But we are far from there.
Recent blog post
Fraud Botnet Controls Sales Terminals
Ah, the humanity. ArsTechnica reports that researchers came across a proper botnet that controls 31 Point of Sale (POS) servers with an unknown number of actual sales terminals connected to them. The botnet is operational, i.e. it is running and collectin...
5 days ago