Breaking News



Enlarge (credit: Simon Smith) Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke early a few days into the new year. But that ...

When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s challe...


Source: Ars Technica Security RSS

Jan 12, 2018
Enlarge (credit: Skype) Since its inception, Skype has been notable for its secretive, proprietary algorithm. It's also long had a complicated relationship with encryption: encryption is used by the Skype protocol, but the service has never been clear exactly how that encryption was implemented or exactly which privacy and security features it offers. That changes today in a big way. The new...

Enlarge (credit: Aurich / Getty) As the industry continues to grapple with the Meltdown and Spectre attacks, operating system and browser developers in particular are continuing to develop and test schemes to protect against the problems. Simultaneously, microcode updates to alter processor behavior are also starting to ship. Since news of these attacks first broke, it has been clear that re...

An Athlon 64 purchased in 2007. (credit: Fred) Microsoft has suspended delivering the latest Windows update to certain systems with AMD processors after reports that the update was causing the machines to crash with a blue screen of death when booting. The update contains countermeasures against both the Meltdown and Spectre attacks; although AMD systems are not affected by Meltdown, they're...


Source: Veracode.com

Jan 05, 2018
The industry-wide shift to DevOps practices has changed more than just developer processes. It has also had a major impact on security, including application security testing techniques. Static analysis, for instance, has had to evolve along with development processes. Unlike early versions of static analysis solutions that only assessed completed code at the end of the development cycle, toda...

Enlarge (credit: Jen) The Meltdown and Spectre flaws—two related vulnerabilities that enable a wide range of information disclosure from every mainstream processor, with particularly severe flaws for Intel and some ARM chips—were originally revealed privately to chip companies, operating system developers, and cloud computing providers. That private disclosure was scheduled to become public ...

Spectre Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it has been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. B...