A new attack on the WPA2 protocol, which is used to encrypt Wi-Fi connections, was published just recently. The attack is something that has been around for over a decade!
Overall, you and I are painfully aware of cybersecurity threats; however, the business implications are sometimes blurry. That’s why I’d like to address the impact of the Spectre and Meltdown attacks in a bit more detail from the business point of view.
Enforcing security policies on web applications these days is ‘relatively easy’ by using the correct headers in HTTP responses. Take the following example of an application.
The standard for encrypting web traffic just got a new famous vulnerability. In fact, the vulnerability is nothing really new, just something from 1998 that reappeared. Cryptographer Daniel Bleichenbacher found the original vulnerability. Therefore the new version is called “Return of Bleichenbacher’s Padding Oracle” (ROBOT).
As managing directors of an IT security company, we had to be present at the 34th Chaos Communication Congress to grasp new developments in the security sphere (and have some fun as well).
Over the last few days, there were multiple announcements about the Chrome browser and its new features, from an integrated ad-blocker to trust warnings on websites with no HTTPS encryption. But what is all the fuss really about?
The times when hacking attacks were unusual and only happened to big companies are over. Hacking private and small or medium-sized companies has become lucrative for many people with sufficient IT knowledge. That is why hacking is an issue facing almost everybody in the modern world. Often companies recognize the problem when it’s already too late, and valuable data (or even money) is lost. I want to show you how you can detect that your website has been hacked and what you can do to prevent such vulnerabilities.
The concept of DevOps and agility is nothing new for most companies and developers circling the sun. The most well-known frameworks (e.g. Scrum, XP etc.) are applied in many development teams and lead to many benefits for teams, companies and customers. Evidence shows that agile methods lead to better performance in comparison to the outdated waterfall method. For many companies, the outdated waterfall method is the largest contributor to project failure. Another problem with traditional step-by-step programming is that products do not exactly meet customers’ demands and need to be redesigned, which takes time and costs money. Through DevOps, development teams work closely with the customer and adjust fewer things at the end of the project.
That cybercrime is a serious threat and is becoming more and more costly and dangerous for companies is widely known by now. Most companies know that cybersecurity is an issue; however, cybercrime’s annual revenue still exceeds the investments in cybersecurity.
During the deployment of our frontend to CloudFront we encountered the problem of not being able to configure the HTTP Security Headers, which is an essential configuration for reducing the attack surface of web applications. We resolved this issue using Amazon’s new Lambda@Edge functions to attach the headers before the response is sent to the clients.
Copyright © Crashtest Security GmbH 2021. All rights reserved.