Today comes the disclosure of Shellshock - a critical vulnerability in the Bourne Again Shell, or Bash, for *nix-based systems. This vulnerability, through carefully crafted values passed via environment variables, allows an attacker to execute arbitrary code on most Linux and Unix systems. Due to the extremely widespread nature of Bash throughout appliances and systems, we fear this CVSS 10 rated bug will be rearing its head for many, many years to come.
When deploying a secure mobile application, one of the first things you do is make sure that all communication goes over a secure channel such as HTTPS. However, even though you are using a valid certificate and HTTPS, your application may still be vulnerable to several attacks.
One of the main threats is a man-in-the-middle (MitM) attack, a well-known technique in which attackers set up a proxy with fake Certificate Authorities (CAs) to intercept traffic to and from your application to identify vulnerabilities.
The internet has become an integral part of our life. We use it for various functions, such as online banking, social media, retail purchases and online gambling. When browsing through various web sites, a lot of personal and financial information is being transmitted and stored across a number of systems. It’s no wonder that security has become a top priority when developing web applications.
I recently had to go in to bat for a client who was told by their PCI auditor that they would fail PCI and as a result have to notify all their clients that they were not PCI compliant. The reason they failed was because the ASV scanner picked up an F5 internal IP address disclosure vulnerability that their scanning engine Nessus picked up.
Coming from a family of civil engineers, I always knew that it is a rigorous process to ensure that a building is safe and secure for its occupants. But it's the first time I got a chance to see the complete construction lifecycle when they started building a multi-story business complex next to the building I live in.
Just over a year ago, I became a very real victim of the global financial crisis. The US - Australia E3 free trade visa is awesome, but it has a sting in the tail – once I had lost my job, our little family had to return from the USA within ten days. More importantly, our health insurance would run out around the same time, and you simply can’t be alive without health insurance in the USA. Leaving was pretty tough as I loved living in and travelling the USA, we had a life and friends, and my daughter was born there and at that time, didn’t have a passport let alone Australian citizenship.