Skip the navigation

Application Security Topic Center

Application security news, in-depth articles and more

Application Security News

Microsoft offers multifactor authentication to all Office 365 users

Microsoft is offering multifactor authentication free as an option to all users of its Office 365 suite, a hosted set of Microsoft Office tools and applications.

Will teens be scared off by Snapchat hack? Probably not

Snapchat, a social media company with a popular photo-messaging app, has taken a blow with a recent hack affecting 4.6 million users.

Flashlight app vendor settles with FTC over privacy violations

The maker of a popular flashlight app for Android phones has agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.

Facebook forces some users to reset passwords because of Adobe data breach

Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe. The company is asking users who used the same log-in credentials for Adobe's online services and Facebook to verify their identity and change their password.

Google clamps down on password security in Chrome 'Canary'

Google has begun work on shutting a hole in its Chrome browser that lets casual thieves steal website and Web service passwords.

Oracle plugs critical security holes that are putting systems at risk

Oracle fixed on Tuesday 127 security issues in Java, its database and other products, patching some flaws that could let attackers take over systems.

Three indicted in alleged source code theft from trading house

Two former traders and a third man have been indicted in New York State Supreme Court for allegedly stealing source code and trading strategy files from a brokerage company with headquarters in the Netherlands.

Intel to acquire network security firm Sensory Networks

Intel has signed a deal to acquire Sensory Networks, a provider of software pattern matching technology for network security applications.

Google yanks sketchy iMessage clone for Android from app store

An app that purportedly spoofed a Mac so that Android smartphone and tablet owners could send and receive text-like messages through Apple's iMessage service disappeared today from the Google Play app store.

Failed UTP SIP system shutters Nasdaq trading

Nasdaq's unprecedented trading halt today stemmed from a technical glitch with a core data feed that disseminates market data for Nasdaq-listed securities.

Application Security In Depth

7 all-in-one security suites: Anti-malware for all your devices

Today's security suites try to protect all (or most) of your devices, and provide Web-based management. We examine how seven major applications compare in terms of features, ease of use and which devices they actually protect.

Evan Schuman: Your data exposed -- Delta, Facebook, others latest to fall into mobile app trap and eHarmony also among those now saying, 'We didn't know our mobile apps did that.'

Are your smartphone apps selling you out?

Apple's App Store, Google's Play store and other app stores are packed with apps that can compromise your security and privacy without you ever knowing anything bad happened. What's a mobile app user to do?

Security Manager's Journal: Hashing out secure applications

In-house developers show themselves to be woefully behind the times when it comes to security via authentication.

Security Manager's Journal: Thinking about passwords

The passwords most people choose could be stronger, but providers need to make it easier to create really strong passphrases. And when will we be able to leave passwords behind and use alternative authentication methods instead?

Bug bounties: Bad dog! Have a treat!

Bug bounty programs are probably very cost-effective for software vendors, but they reward bad behavior.

The true root causes of software security failures

Developers being overly trusting is one of them.

Security Manager's Journal: Rights can be so wrong

Windows service accounts used by software are often given domain administrator rights, just because it's quick and easy. That sort of thing rubs security managers the wrong way.

There's no magic pill for security

Too often, New Year's resolutions to get into better shape are derailed because of a lack of realistic planning. The same thing happens in the security sphere.

Security Manager's Journal: A reality check for the department's maturity

An assessment of the information security department shows that it has a lot of growing up to do yet.