Whodunit? Finding Security Vulnerabilities in Application Code, by Brian Prince; code provided by Veracode and Qualys. File/Path Manipulation: This occurs when the software allows user input to control or influence paths that are used in filesystem operations. This vulnerability could permit an attacker to access or change system files and other files critical to the application. […]
An audit isn’t worth much if the people doing it are cutting corners. Unfortunately, a survey by the folks at Tufin Technologies suggests many IT pros may be doing exactly that. The survey, which was conducted at the InfoSecurity Europe 2009 Conference in April, took opinions from 151 IT security pros. The aim was to […]
Last year, Google detected one trillion unique URLs on the Web at once. The vehicle that gets users to those places is search, but within those trillion URLs are a lot of dark alleyways that are home to attackers. According to McAfee, some of the riskiest searches on the Internet today are associated with finding […]
Ingres has bundled its database software with Red Hat’s JBoss middleware in a nod to application developers. With the release of the Ingres Development Stack for JBoss, Ingres is combining its database with JBoss Developer Studio and JBoss Enterprise Application Platform. The offering includes all the components of Ingres Database and JBoss Developer Studio with […]
In case anyone thought the U.S. government was the only one with problems protecting information, the British Ministry of Defense (MoD) experienced a breach of its own last September when three portable USB drives went missing. The most interesting part, however, is not that data went missing – it’s the nature of the information itself. […]
U.S. President Barack Obama is expected to name a cyber-security czar and release the much-anticipated results of an extensive security review of the country’s cyber infrastructure on Friday, according to press reports. The cyber-security position will be part of a newly consolidated body of advisers composed of members of the White House National Security Council […]
Nokia officially put out the welcome mat at the door of its Ovi Store today, stocking its virtual shelves with mobile applications, games, productivity tools and more for dozens of models of Nokia phones. Just like in the Apple App Store, some of those applications are developed by third parties, making the task of ensuring […]
Two of the Web’s most popular social networks, Facebook and Twitter, made the news last week when they were hit with phishing scams. Despite the publicity, most phishers targeting enterprise data are not hooking victims via social networks – at least not yet. “We’ve yet to respond to an incident where messaging from social networking sites like […]
The latest update to Google Chrome came with a few new bells and whistles, and lots of talk about speed. But what about security? Browser vendors have been struggling to keep pace with the growing Web threat landscape. Internet Explorer 8 added a number of security features. In the latest release of the browser, Google […]
The folks at Sophos are reporting a new phishing scam on Twitter. In this episode of “When Malware Writers Attack,” senior technology consultant Graham Cluley blogged that he received a message saying he was being followed on Twitter by someone called “3XNJTVJG0SYIKDH.” This person was already following nearly 400 people on Twitter, and had only […]