With Peter out on vacation, Don and Justin were able to cut loose a little. They covered a big Verizon BGP route leak and a laptop that claims to be un-hackable. Then, John Dickson of Denim Group called in to discuss building resilient software that will withstand attacks.
The infection could take root with a simple call through WhatsApp. To make matters worse, victims may not know their phones were infected because the malware allowed attackers to erase call histories. This delivery was “particularly scary,” said security researcher John Dickson of the Denim Group, because it infected devices without any user action. “Normally a […]
Dan Cornell, CTO of Denim Group, an application security consultancy, noted that shipping devices with default SSH key pairs “might be a major issue, but it isn’t surprising. Stuff like this happens all the time.” Cornell said in order for the Cisco SSH key pair to be considered a backdoor it would have had to […]
“Digital assistants such as Alexa and Siri have a broad set of capabilities, including the ability to listen passively. People should be a bit more cautious about digital assistants, managing them like the powerful computing devices they are,” Dickson said. Because these devices are so connected and processing our data, it’s a must that basic […]
Would your organization benefit from introducing DevSecOps? Dan Cornell, CTO of application security company Denim Group, believes that most organizations would. With one caveat, though: they must realize that the transition is, first and foremost, cultural rather than technological. Breaking down barriers between DevOps teams and security teams helps to align incentives and accelerate the rate at which […]
Dan Cornell, CTO of Denim Group, an application security company, calls known vulnerabilities “silent killers.” “You can’t expect every organization to have the level of inspection to proactively catch subtle and complicated vulnerabilities,” said Cornell. “But the ‘silent killers’ are the more mundane vulnerabilities like cross-site scripting and SQL injection, which have existed and been […]