StrongSalt’s new Open Privacy API offers ‘encryption as a service’

Encryption as a service provider StrongSalt has released its Open Privacy API to improve the security of developers’ applications.

StrongSalt was founded by Ed Yu, the former founding engineer of cybersecurity giant FireEye. Back in September, StrongSalt raised $3 million in seed funding from Valley Capital Partners.

Claiming it wants to “do for encryption what Stripe has done for payments and Twilio has done for communications,” StrongSalt offers APIs and SDKs for most of the leading cloud...

By Ryan Daws, 10 December 2019, 0 comments. Categories: API, Cloud, Hacking, Industry, Platforms, Security.

Sophos launches a security analysis platform for developers

British cybersecurity firm Sophos has launched a new threat intelligence and analysis platform for developers.

SophosLabs Intelix helps developers to build more secure applications through simple API calls. Developers can use an API call to assess the risk of things like files, IP addresses, URLs, and more.

Sophos claims the platform is continuously updated and features petabytes of...

By Ryan Daws, 06 December 2019, 0 comments. Categories: API, Hacking, Industry, Platforms, Security.

PWNED: Researcher uses broken API to print message on GPS watches

A German security researcher printed the word “PWNED!” on hundreds of GPS watches to prove a point about a broken API.

Christopher Bleckmann-Dreher discovered a vulnerability in an API used by Austrian GPS watch manufacturer Vidimensio.

The firm’s watches are used by a wide range of the population from the elderly down to children, and it affected over 20 models.

Dreher alerted Vidimensio to the problem but it was ignored for over a year. Given the potential for much greater risk in the...

By Ryan Daws, 03 April 2019, 0 comments. Categories: API, Hacking, Security.

Report: Open source breaches have increased by 71 percent

A report from Sonatype highlights that open source breaches have increased by a whopping 71 percent along with several other security findings.

This report is the largest DevOps survey conducted by Sonatype with 5,558 people sharing their views. Participants were from most of the major sectors but primarily in the technology and banking/financial industries.

Respondents’ primary reason for implementing security across the development lifecycle is for risk management (34.77%) purposes, followed by...

By Ryan Daws, 04 March 2019, 0 comments. Categories: Hacking, Industry, Security.

Fortnite developer and Google have an Epic spat over vulnerability​​​​​​​

Fortnite developer Epic is not too pleased with the way in which Google publicly disclosed a security vulnerability with the game’s Android installer.

Rather than pay the 30 percent cut which Google takes from distributing games through its Play Store, Epic decided to bypass the official app store in favour of its own installer.

Sideloading games poses an increased risk to consumers as it bypasses many of...

By Ryan Daws, 28 August 2018, 0 comments. Categories: Android, Gaming, Hacking, Industry, Platforms, Security.

Google's new API improves biometric authentication in Android P

Google has announced a biometric authentication API which enables developers to improve the security of their apps.

Biometrics has become a favoured and quick security method for users. While there are certainly more secure methods of authentication, few are so fast and unintrusive.

Vishwath Mohan, Security Engineer at Google, wrote in a blog post:

“Biometric authentication mechanisms are becoming increasingly popular, and it's...

By Ryan Daws, 22 June 2018, 0 comments. Categories: Android, API, Hacking, Platforms, Security.

Microsoft and Google say they have found a fourth Meltdown-Spectre variant

Bad news, everyone. If you thought we were out of the woods when it comes to the Meltdown / Spectre CPU security flaws, then think again. Researchers from Microsoft and Google have identified a previously unknown fourth variant of the processor design issues that made front page news when they were discovered last year.

Like its predecessors, variant 4 (or CVE-2018-3639, to give its full name) describes a processor design issue that could allow malicious software to discover hidden information, such as a...

By William Judd, 22 May 2018, 0 comments. Categories: Hacking, Security.

'Efail' exploit circumvents PGP and S/MIME email encryption

If you rely on encrypted email via PGP or S/MIME, you may want to temporarily switch to a new form of communication, as serious issues have been found with how these standards are implemented in many popular email programs on Windows, Linux, macOS and Android.

Following an initial advisory on Monday, European researchers published an exploit called Efail in a paper called Breaking S/Mime and OpenPGP Email Encryption Using Exfiltration Channels.

The paper outlines...

By William Judd, 15 May 2018, 0 comments. Categories: Ethics, Hacking, Industry.