Think perimeter security is enough? Think again…

Most of the data breaches you hear about these days are assessed from the server side. Take a recent incident in the financial services industry—a serious malware attack on the Polish banking sector that was tied to a campaign targeting organizations in more than 30 countries. In this case, a web application was infected with malicious code that spread from workstation to workstation. The malware was injected on the server side and then spread to clients using JavaScript embedded in the website. The truth is, this type of attack is the easiest to prevent.

The European Banking Authority warns against Man-in-the-Middle attacks

As discussed in a previous blog, the European Banking Authority (EBA) has released the final draft of its technical guidance for PSD2. Articles 4 and 25 of said guidance include mandates for the security of the customer authentication process.

One of the key elements of the authentication mandate is the requirement to use advanced security technology to safeguard all client-to-server communications against interception. In other words, to protect against MitM (Man-in-the-Middle) attacks.

Thinking differently about software security: Inside-Out

We live in a very different world today than we did 10-20 years ago. We’ve never been more connected. So, it’s surprising that software security practices remain in the realm of “We’ve always done it this way before”. Can they really expect to solve today’s security problems with an old way of thinking?

Traditional thinking
Traditional thinking typically starts with the premise that honest parties control the computer devices and any cryptographic operations are performed free from interference from would-be attackers. Given this, it’s probably understandable

Cryptography is everywhere in day-to-day life

Cryptography is no longer limited to the military and spies. This ancient art underpins modern life. It’s about encoding intelligible data, e.g. numbers, text and transforming them into something unreadable to anyone other than who the information is meant for. The question is, does it need an upgrade for today’s always connected world?

How secure is your house?
Hundreds of times a day we use cryptography in our everyday life. From the lock on the website that you’re browsing, remotely unlocking your car with the key fob to using all kinds of devices.

APIs – friend or foe?

APIs are everywhere in modern day life. We rely on them to access services on mobiles, tablets and laptops. Without them our day-to-day life wouldn’t be the same. Yet they are also increasing the attack surface. Are they really a friend to e-commerce or to cybercrime?

e-Commerce’s friend
APIs are not new. They’ve been around a long time. APIs are key to building scalable web-based applications as they allow and manage the interaction between 2 online connected services.

Does the security auditor have a point?

On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?

Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then

Bringing trust back into the relationship

Browser security isn’t a new problem. Apple, Google, Microsoft and Mozilla have put a huge amount of effort into enabling consumers to have a secure browsing experience. But who’s thinking about the web site operators and their secure browsing experience?

Trust online
Internet trust is dependent on certification authorities; with TLS/SSL being the most commonly used technology for securing electronic commerce transactions online. It’s all about enabling the consumer to access web services and be reasonably confident they know who they are talking to.

Is the next-generation white box cryptography the new Jedi?

In Star Wars: The Force Awakens, the sinister First Order dominates the galaxy, with only a small band of trusted resistance fighters left. What’s the link to today’s software world you may ask? It all comes down to the power of cryptography to defeat the dark side.

In this software controlled world the need for software protection is unavoidable. This protection extends to all aspects of day-to-day life. It could be securing your credit card details when shopping on line or a business safeguarding a remote network connection to even protecting premium content such as a blockbuster movie.