A Hewlett-Packard assessment of Apple iOS applications in the commercial segment says 90% have security flaws and 86% of tested apps are unable to defend against exploits such as cross-site scripting. "It is our earnest belief that the pace and cost of development in the mobile space has hampered security efforts," HP's report says.
Nasdaq's website contained a significant cross-site scripting vulnerability before it was fixed Monday, according to High-Tech Bridge, a penetration-testing company. The flaw remained in place for two weeks after the company notified Nasdaq staff about it, CEO Ilia Kolochenko said. "We responded to his concerns immediately," Nasdaq said in a statement. "We take all information security matters seriously. We work with leading security vendors and have a trained and professional team that evaluates all credible threats across our digital assets."
A security vulnerability in a Broadcom chipset used in a variety of routers left 4.5 million DSL modems in Brazil open to cyber-attacks, according to Fabio Assolini, a researcher at Kaspersky Lab. Hackers were able to install malware and direct computers to malicious websites through a cross-site request forgery flaw, he reported.
Promising employees need special support from their boss to reach their full potential, Cy Wakeman writes. Spot your top employees, focus on those visionaries and be sure to reward them adequately, she suggests. "Compensate your best people in direct proportion to the value they deliver, not according to their effort, hours clocked or daily tasks accomplished," Wakeman writes.
Hewlett-Packard has unveiled HP SWFScan, a Web security tool designed to help Flash developers identify and monitor security vulnerabilities, including cross-site scripting and SQL injection attacks that can make use of Flash applications. "You have a large number of people flocking into the Web development space that don't necessarily have Web experience," said Billy Hoffman, HP Web security research group manager. "Approaching security on a Web app is vastly different than how you approach security on a desktop."