Cigital Newsroom

Justice League Blog

Standard versus Proprietary Security Protocols

Standard Security Protocols: An encyclopedia defines a security protocol as “a sequence of operations that ensure protection of data. Used with an underlying communication protocol, it provides secure delivery of data between two parties.” We…

Cordova InAppBrowser Remote Privilege Escalation

Earlier this year, I identified an interesting vulnerability (CVE-2014-0073) in one of Apache Cordova’s core plug-ins (InAppBrowser). Cordova, also sometimes referred to as PhoneGap, is a popular cross-platform mobile framework that allows developers to write…

Recent Fixes in IBMSecureRandom

I’ve written about several SecureRandom implementations in the past. While analyzing the default SecureRandom implementation in IBM JCE (v1.7) on *nix, I came across several weaknesses. IBM recently released a patch to fix the issues.…

Cigital News

TweetDeck Goes Down Due to XSS

Earlier today a 19-year-old Austrian programmer realized using “&hearts” makes a “♥” symbol in the coding language HTML used on the web. This discovery made it possible to insert program commands via tweet. A security…

Press Releases

The Silver Bullet Security Podcast