Microsoft's Bug Bounty Program and the Law of Unintended Consequences
The Microsoft bug bounty program has been nearly a decade in the making and it is clear from the shape and size of it that the company did not simply slap the program together in order to join the cool kids. Rather, Microsoft’s security team spent years watching the way other programs work, seein...
Brad Arkin Named Adobe CSO
Adobe has named Brad Arkin to the newly created position of CSO, a major expansion of responsibilities for Arkin, who has been leading the company’s product security and privacy initiatives. Adobe has been in the security spotlight for several years now, as attackers have focused their attention ...
DoD Inspector General Calls Out Army CIO For Poor Mobile Device Security
The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took th...
Privacy of Millions of HTC devices at risk
More than 18 million smartphones and other mobile devices made by HTC are at risk, vulnerable to many security and privacy issues. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install softwa...
Changes to Mozilla Security Program Foster Open Source Security Tool Development
Mozilla recently announced some changes to the way it will interact with members of the security community who contribute code, bug reports and fixes for the Firefox Web browser and other open source tools under Mozilla’s watch. Michael Coates, director of security assurance at Mozilla, recently...
Microsoft's SDL Expands Beyond Redmond
It’s been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it’s had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and...
RockYou Agrees to $250K FTC Fine Over Loss Of 32m Passwords
The Federal Trade Commission announced on Tuesday that it had reached a settlement with RockYou over violations of the Children’s Online Privacy Protection Act (COPPA) after the Web site allowed hackers to gain access to the personal information of its 32 million members. In a statement published o...
White House Launches Electric Industry Security Maturity Model Program
The White House has launched a new initiative designed to help companies in the electric power industry measure the maturity of their security programs against a new maturity model. The program is being run in tandem with the Department of Homeland Security and Department of Energy and is meant t...
From the In-Security Land to Security in the Cloud
"This article aims to share with you some thoughts and concepts associated with Cloud Computing and the risks involved for those who want to venture into the benefits it offers" -- Mariano M. Río "From the In-Security Land to Security in the Clou...
Nation-State Attackers Are Adobe's Biggest Worry
SAN FRANCISCO–It’s no secret that attackers have made Adobe’s products key targets for the last couple of years, routinely going after bugs in Reader, Flash and Acrobat in targeted attacks and widespread campaigns alike. But it’s not just the rank-and-file bad guys who are making Adobe a priority...
Keyloggers in Samsung Laptops, Officials Say - Samsung Laptops Are in Fact Secure!
We'll start by saying that we've reached out to Samsung for a response here, but as of now, no reply has been given -- neither a confirmation nor a refusal of truth. Why bother mentioning that? If this here story...
WikiLeaks Prompts Federal Agencies to Assess Infosec Programs for Sensitive Data
In response to the embarrassment and perceived threat resulting from the WikiLeaks disclosures in recent months, the Office of Management and Budget has issued a hefty memo with pages of questions that federal agencies must use to conduct an initial assessment of their programs to handle and...
Has Apple Gotten Religion on Software Security?
Information security is an unpredictable, fluid discipline. There are very few absolute truths, but for the last few years, one of those has been that Apple isn’t paying much attention to software security. At least that’s the received wisdom. This theory is based mainly on the fact that security...
Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits
The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year’s Pwn2Own hack...
Why Bob Maley's Firing is Bad for All of Us
The news that Pennsylvania CISO Bob Maley lost his job for publicly discussing a security incident at last week’s RSA Conference really shouldn’t come as a surprise, but it does. Even for a government agency, this kind of lack of understanding of what actually matters is appalling and it is a...
Q&A: Andy Weeks Discusses the Challenges of Reconciling Security and Compliance
Dennis Fisher: Okay, welcome to the Digital Underground podcast. This is the third in our CSO series of podcasts with high level information security professionals and I’m very happy to have on the line today my guest Andy Weeks who is the manager of risk and compliance for enterprise information...
Audit Finds Gaping Holes in NASA Security
The U.S. Government Accountability Office (GAO) has painted a bleak picture of NASA’s IT security posture. An audit of the space agency’s computer systems found weaknesses in several critical areas, especially in the way NASA implemented access controls like user accounts, passwords and the...
Real World Security – Bob Maley Interview
In the first installment of a new regular series, Dennis Fisher talks with Bob Maley, the CSO of the Commonwealth of Pennsylvania, about the challenges of running an information security program in a government agency, the effects of the economy on his efforts and the ways in which user education...
Hathaway, Obama administration swing and miss at RSA
Much of the talk at the RSA Conference last week centered on the lack of the unifying theme or big-time story that usually emerges to take over the show by mid-week. But there was, in fact, a major story, and it was the abject failure of the Obama administration, in the person of Melissa Hathaway...