Stories by Jeremy Kirk

Google+

An SDN vulnerability forced OpenDaylight to focus on security

Open-source software projects are often well intended, but security can take a back seat to making the code work.

Facebook's Like button can still easily be gamed

Facebook's Like button is a pervasive feature of the Web, a way to gauge the popularity of a website or piece of content. But researchers have found it's easy to inflate the numbers, undermining its value as an accurate measure of popularity.

Egyptian company says rogue Google SSL certificates were a mistake

An Egyptian company that created unauthorized digital certificates for several Google domains said Wednesday it made a mistake and acted quickly when the error became known.

Zero day, Web browser vulnerabilities spike in 2014

The number of zero-day and Web browser vulnerabilities shot up in 2014, but overall software vendors are patching faster.

Android flaw puts personal data at risk for millions

Nearly half of Android devices are vulnerable to an attack that could replace a legitimate app with malicious software that can collect sensitive data from a phone.

Security startup records a year's network data

A security startup has developed a platform that gives security professionals a much larger picture of what has happened on their network, even if they might have missed the initial signs of an intrusion.

Google catches bad digital certificates from Egyptian company

Google said Monday an Egyptian company issued digital certificates that could have been used to intercept data traffic to its services, which did not appear to have been abused.

Fake patient data could have been uploaded through SAP medical app

SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data.

To avoid NSA, Cisco gear gets delivered to strange addresses

One of the most successful U.S. National Security Agency spying programs involved intercepting IT equipment en route to customers and modifying it.

Mandrill warns attack may have exposed some data about email

Mandrill warned customers on Wednesday that some email-related data may have been exposed after attackers tried to lasso some of its servers into a botnet.

Premera, Anthem data breaches linked by similar hacking tactics

Premera Blue Cross may have been attacked using the same methods employed against its fellow health insurer Anthem, suggesting that a single group may be behind both breaches.

Hundreds of Android and iOS apps are still vulnerable to FREAK attacks

Hundreds of Android and iOS apps are still vulnerable to a dangerous attack revealed two weeks ago that can compromise encrypted data, a security vendor said Tuesday.

Premera Blue Cross says data breach may affect 11 million customers

As many as 11 million customers may have been affected by a data breach at U.S. health insurance provider Premera Blue Cross, in the second large attack against the health care industry disclosed in the last two months.

OpenSSL mystery patches due for release Thursday

New versions of OpenSSL will be released on Thursday to patch several security vulnerabilities, one of which is considered highly serious, according to the OpenSSL Project Team.

Researchers find same RSA encryption key used 28,000 times

What if the key to your house was shared with 28,000 other homes?