SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking, exploiting a security flaw discovered in Signaling System Seven – or SS7. According to security researcher Karsten Nohl, “the..


Why We Should Score Data Breaches

Contrast's CTO and Co-Founder, Jeff Williams, was interviewed by Forbes Magazine at Black Hat USA 2016 earlier this month. The interview focused on recent healthcare breaches and why we (the industry) should score data breaches. Jeff is quoted..


Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..


"The DCCC Hacked: SQL Injection? Come on."

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..


International hacks, politics and knee-jerk cybersecurity - never a good mix

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..


Hacked... Because of an Insecure Library

This morning, ZDNet’s Zack Whittaker reported a hacker has targeted the official forum for the mobile game Clash of Kings, stealing nearly 1.6 million accounts. According to the piece, the hacker exploited a known weakness in the forum’s..


Point of View: Congress Ironically Hacks CISA into "Must Pass" Omnibus Spending Bill -- Destroys Privacy

The most recent omnibus spending bill now includes the Cybersecurity Information Sharing Act of 2015. This bill provides broad protection to companies that share loosely defined "cybersecurity" information with government, even disallowing FOIA..


Point of View: Potential security issues with vehicle to vehicle connected cars

The fundamental problem is that the industry hasn’t created a thorough (and openly available) threat model that adequately considers what hackers might do. The analysis of V2V communications I’ve read focuses on safety issues — what happens under..


Point of View: $100MM cost of hacking

Many people think wires are the most secure way to send large sums of money. I’ve seen how many of these wires get processed, even wires for billions of dollars. And it’s just like most other enterprise software — lots of vulnerabilities waiting to..


Point of View: Delta flight and airline cybersecurity

This is always the tradeoff… How do we balance the risk of providing some new, cool, useful feature against the risks that the new feature creates? What makes this especially hard is that while the benefits are often immediate and concrete,..

