Posts by Sarah Vonnegut:

puffchat-300x266

Pass on Puffchat, A Less Secure Snapchat

Mar 06, 2014 By Sarah Vonnegut | It’s telling enough when a private messenger is found to be leaking user information and the private messages it had promised to keep secure. But when a “secure” alternative to the private messenger has been found to be just as – if not more – risky, the jury is apparently still out on what a secure messaging app actually means.
And that’s where we are today, after the supposed ‘answer’ to hackable Snapchat, Puffchat, has also been found to be highly exploitable. The service, whose Twitter bio describes it as “the texting alternative to Snapchat – The evidence is gone forever,” contains several vulnerabilities, rendering it much less secure than it markets itself as and falsely representing itself.  

</Read More>
88437380-300x229

Loser Credentials: Stop The Insanity!

Mar 04, 2014 By Sarah Vonnegut | There’s a famous saying about how the definition of insanity is doing the same thing over and over and expecting different results. Nothing could be truer about the world’s relationship with passwords, and it’s a reality that should hit the security world even harder.
After all, as we recently learned, the Target hack affecting at least 110 million people began with a stolen username and password. Passwords have gotten lots of play in the news, especially in the security realm, but the bigger problem is in making passwords obsolete for hackers – especially for organizations with valuable data in store. A deeper level of authentication is now essential for a secure business.

</Read More>
yahoo-logo-300x70

Your Weekly Security Wrap-Up: Yahoo, Sears, YouTube & More

Mar 02, 2014 By Sarah Vonnegut | Yahoo’s in the news again with a new vulnerability (now fixed) and a starring role, unknown to them, in the Brit’s surveillance methods. With Sears possibly facing another breach and a cache of 360 million user credentials found for sale on the black market, there’s a lot to know about so take a few minutes and catch up on all you may have missed!

</Read More>
ios-keylogging-244x300

Second Major iOS Security Flaw Found, No Update Yet

Feb 25, 2014 By Sarah Vonnegut | Apple is having quite a rough week. While security world is still reeling from this past week’s vulnerability discovery and fix, researchers have identified yet another security flaw in Apple’s iOS that attackers could exploit to remotely monitor a user.
With this newly discovered vulnerability, hackers are able to log a user’s keystrokes, including touch inputs and button uses, using a ‘host’ app. The exploit targets a flaw in iOS’s multitasking capabilities to capture user inputs and send them to a remote server. The attacker could then use the data to recreate every action and character the user inputs.

</Read More>
iStock_000028848854Small-226x300

Crypto Flaws For All & The Weeks Other Security News

Feb 23, 2014 By Sarah Vonnegut | SSL encryption was the name of the security game this week, with major vulnerabilities –now fixed – facing both iOS and WhatsApp users and Neiman Marcus released a new analysis of their recent breach – and apparently someone was NOT paying attention. Catch up on all last week’s stories before RSA USA takes over your life!

</Read More>
iStock_000025750773Small-300x198

Simplifying Password Security Through Sound: Google’s New Tech ‘Toy’

Feb 18, 2014 By Sarah Vonnegut | Passwords have taken on a bad name lately. In countless security breaches and incidents, they’ve been too easy to crack, too difficult to remember, not encrypted enough, the right way, or at all. We each login to so many different sites on a daily basis, with each one supposed to have its own unique password so that even people with photographic memories would have trouble remembering them all.

</Read More>
iStock_000013338789Small-300x199

Crowdfunding Kickstarter Gets Hacked & Other Security Stories This Week

Feb 16, 2014 By Sarah Vonnegut | This week, Kickstarter suffered its’ first major breach with minor consequences, Target’s back in the ring with new reports indicating missed warnings from analysts about the payment systems, the Syrian Electronic Army strikes again, this time hitting Forbes, Internet Explorer suffered critical zero-day exploits and more. Before the next week full of security scares rolls in, take a moment to catch up on the stories you may have missed last week. 

</Read More>
iStock_000022339654Small-300x199

Keeping Up With The Hackers: Where To Practice Your Web Hacking Skills

Feb 13, 2014 By Sarah Vonnegut | This guest post is by application security professional Dave Ferguson. Keep up with Dave’s posts on his blog!
There’s a shortage of application security experts.  Hackers seem to continually have the upper hand over those trying to defend applications against threats.  One reason is that software has become so prevalent; This trend will only continue (we’ll need even more software if we’re going to enable The Internet of Things).  The bottom line is that we’re writing code faster than we can secure it.

</Read More>

RSA USA Preview: ‘It’s A Jungle Out There: The Security State of the CMS Platform’

Feb 11, 2014 By Sarah Vonnegut |
Checkmarx Founder & CTO Maty Siman will be leading a session at the conference this year on the security of the most popular content management systems and how to protect yourself against attacks:
It’s a Jungle Out There: The Security State of CMS Platforms
February 26th | 10:40 AM | Room 3012

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.