January 10, 2014

Security analysis of mobile banking apps reveals significant weaknesses
While banking apps generally use SSL encryption for sensitive communications, Sanchez found that 90 percent of the tested apps also initiated several non-encrypted connections during their operation. This allows attackers who can intercept that traffic -- for example on an insecure wireless network -- to inject arbitrary JavaScript or HTML code into it, for example to display fake login prompts to the app's user or to launch other social engineering attacks. In addition, even when using encryption, 40 percent of the tested apps did not validate the authenticity of digital certificates they received from the server, making them vulnerable to man-in-the-middle attacks using fake certificates.

Data visualization best practices help users envision business success
"The context of why visualization is so powerful is because as people we're really wired to process images much better than the way we've been working, which is just [with] columns and rows of numbers," said Feinberg, president and founder of DecisionViz, a consultancy in Westfield, N.J., that helps companies develop and implement data visualization strategies and processes. He said visualization tools also open the doors to analytical data to more business users in organizations, which can help improve decision making and instill a more data-driven culture internally.

Simple and fast CSV library in C#
This library allows to save a collection of objects to a CSV file. It also allows loading from CSV files with linq expressions. It is: Simple to add to your application (Single C# file); Simple to use (loading and saving can be done with a single line of code); Fast (the demo creates a million client records in 2 seconds on my laptop); and Small memory footprint (tested with over 10,0000,000 records).

Net Medical Xpress Releases HIPAA-compliant WebRTC-enabled Telemedicine Solution
RTC (real-time communications) Conference Switch is HIPAA-compliant, which means that medical providers can discuss and transmit patient information without fear of compromising HIPAA and HITECH regulations. "Our RTC Switch, which is RSA asymmetrical, includes precise audit controls, public/private key encryption and Net Medical's Safety Pilot permission software," explained CEO Dick Govatski. Safety Pilot is a security protocol that routes calls and shared files through a complex route of encryption, authorizations, permissions and auditing. Doctors and patients can communicate via telemedicine without concerns about malware or unauthorized data access.

Ways To Deal With Botnet
Botnets use multiple attack vectors; no single technology can provide protection against them. For instance, the goal of a DDoS attack is to cripple a server. The goal of a phishing attack is to lure users to a spoofed Website and get them to reveal personal data. The goal of malware can range from collecting personal data on an infected PC to showing ads on it or sending spam from it. A defense-in-depth approach is essential to detect and mitigate the effects of botnets.

Network Monitoring Best Practices: Setting a Network Performance Baseline
In the simplest terms, a network performance baseline is a set of metrics used in network performance monitoring to define the normal working conditions of an enterprise network infrastructure. Engineers use network performance baselines for comparison to catch changes in traffic that could indicate a problem. Setting a network baseline also provides early indicators that application and network demands are pushing near the available capacity, giving the networking team the opportunity to plan for upgrades.

Curb Appeal: The Tipping Point for Redesign
When you’re working with limited resources and a small team though, you have to look for inspiration across different functions. You might be surprised to find that inspiration and innovation don’t just come from specific job titles. For us, the initial idea and design for our new homepage came from one of our software engineers during a monthly hack day. An unlikely source, yes – but it turned out to be not just a radical shift from our current site — but a shift we all believed might actually work for our members.

Intel's 64-bit Android 4.4 OS for x86 smartphones ready for OEMs
64-bit Android could reach tablets first. Intel said 64-bit Android tablets powered by its Atom processor code-named Bay Trail will become available in the first half of this year. The tablets are expected to sell for as low as $150. The code completion paves the way for device makers to load 64-bit Android and their own user interfaces on devices. A full 64-bit Android is not yet available on smartphones or tablets. Intel also hopes developers will start writing 64-bit applications for Android smartphones running on Atom chips, the spokeswoman said.

Hot data storage technologies for 2014
Some of our predictions are about storage technologies that have only recently emerged from R&D labs, but they bear so much promise that we think they will weigh in immediately. That's the nature of the storage market today: Technologies that used to take years to evolve and gain a following are topping the charts in short order these days. Case in point: solid-state storage's meteoric rise. In fact, the ever-developing flash storage is featured in this year's predictions, with two solid-state techs -- Non-Volatile Memory Express (NVMe) and 3D flash -- about to spring into prominence.

Coverity Testing Platform Expands Java Web App Coverage, Revamps C# Analysis Engine
Coverity Development Testing Platform 7.0 broadens Java Web application security coverage, adds new security audit views and reports, and revamps its C# analysis engine in what the company describes as a a major rewrite. The platform combines code analysis, change-aware unit test analysis, and policy management across the three most widely used enterprise programming languages: Java, C/C++, and C#.

Quote for the day:

"How committed are you? There is a remarkable difference between a commitment of 99% and 100%." -- Vic Conant

No comments:

Post a Comment