Latest News

source-code-46933.jpg

Hidden Security Risks of XML Parsing (XXE Attack)

Many business such as airfare and price-comparison sites, use web scraping to monitor product pricing, availability and trending as a part of their business model. One of the most popular libraries for this, Nokogiri, contains a potential for abuse if implemented by developers improperly. This is not a new technique, the issue has been discussed […]

heartbleed

A Bad Day for OpenSSL: Heartbleed Vulnerability (CVE-2014-0160)

Today a major security issue was announced in the OpenSSL library (CVE-2014-0160), nicknamed “Heartbleed”. US-Cert released details in an announcement early this morning, which was followed up by more information late this afternoon. What is the Risk of Heartbleed? The issue is a serious vulnerability in the OpenSSL cryptographic software library. Successful exploitation allows a […]

download

A Dangerous Disconnect in the C-Suite for IT Security

Since January 2013, according to the Privacy Rights Clearinghouse data breach database, there have been 516 publicly disclosed data breaches from the business sector. These breaches have affected nearly 53 million records. That’s just from the private sector, and does not include the many nonprofits and government breaches that occurred within the same time period. […]

icon_only

Announcing: WireHarbor Patrol v1.0 Beta Availability

WireHarbor Patrol v1.0 Beta is ready for testing WireHarbor Security, Inc. is pleased to announce that the limited beta release of WireHarbor Patrol v1.0 is now available. This beta release is made to select clients to allow us to test and evaluate the next major version of WireHarbor Patrol, but is not recommended for production […]

ios-keychain-img

Major Apple iOS SSL/TLS Security Flaw Announced

Over the weekend the internet has been abuzz about a very quietly released security patch from Apple. On Friday they announced an update related to iOS versions prior to 7.0.6 and the use of SSL/TLS. This issue appears to have been “in the wild” and potentially being exploited since September 2012. SSL/TLS on Apple iOS […]