How a Single-Character Coding Error Led to a Major Data Leak

If you don’t follow the tech Twitter-verse as obsessively as we do, you may not be aware that a major data breach at Cloudflare has put user passwords, messages and other information at risk all over the internet. Cloudflare provides web security and performance services for companies like Uber and OkCupid, among many, many others.…

Java Security Updates May Not Actually Be Secure

With Java SE reportedly installed on 850 million PCs, the “Java Update Available” popup has become a well known nuisance.  But keeping software up-to-date is supposed to help protect us.  According to the FTC, Java updates might be an exception to that rule. The key issue is that Java updates have not always removed older…

Microsoft Releases Azure Active Directory Domain Services

Microsoft has released a public preview for their new Azure Active Directory Domain Services feature in Azure Active Directory.  This feature allows you to establish virtual network domains in Azure. Azure AD Domain Services is an entirely new concept. It’s a cloud based service which gives you a fully Windows Server Active Directory compatible set…

6 Things You Should Know About SQL Server 2016 Always On Encryption

The upcoming SQL Server 2016 release promises many new features including a “Stretch” feature which allows you to automatically archive older data to the cloud, enhanced in-memory OLTP functionality, and several new enhancements in security.  One of the most interesting new security features is Always On Encryption.  Here are 6 things you should know about this…

OAuth 2.0 Part 2 – The Four Party Diagram

Understanding the Four Party Diagram In the last post, we made it through defining the four roles represented in the four party diagram. Now we’re going to dig into the arrows that represent information flowing between the parties. Authorization Request This is conceptually straightforward. The client needs to ask the resource owner for permission to…

Which Mobile OS Do You Trust?

With recent revelations from the RSA Security Conference highlighting gaping security holes in iOS8 as well as pointing out that many Android apps don’t perform proper SSL validation, one has to wonder is their mobile data safe anywhere? Amit Yoran, President of the RSA kicked off their company’s annual conference with a scathing commentary on…

Keep Your Software Off Our Hardware!

No, this isn’t a cleverly disguised double entendre, we really mean it.  Keep your software off our hardware!  The recent reports of Lenovo preloading Adware Superfish onto their laptops is only one of several recent indications that hardware suppliers may not have our best interests at heart. Earlier this week it was announced that Lenovo…

Get 2015 Started Off on the Right Foot

Get ready to put your best foot forward with these geek tips for starting the new year right. As 2014 draws to a close, we begin look ahead for what lies in store for the next year.  While most New Year’s resolutions seldom see February 1st, these tech tips can be implemented so fast you won’t…

New Report Sites Significant Security Vulnerabilities in Android Devices

Security firm TrendMicro has released a new report that states that 75% of users are vulnerable to multiple attacks. In their latest Quarterly Security Roundup, TrendLabs calls out several key vulnerabilities in recent Android OS including the FakeID issue and Android Browser flaws.  The FakeID vulnerability was originally discovered earlier this year by BlueBox Labs and…