Tacoma’s IID looks to help curb cyberattacks, secures $8M from Bessemer in first-ever financing

IID has been helping organizations mitigate cyberattacks for the past 17 years, building a 65-person company in Tacoma. Now, the company, which earlier this year rolled out its ActiveTrust platform for sharing cyberattack incident data, has reeled in $8 million in funding from Bessemer Venture Partners. It marks the first outside investment in the company, which… Read More


Ten Years of Patch Tuesdays: Why It’s Time to Move On

Earlier this month, Microsoft marked the tenth anniversary of its regular “Patch Tuesday” release of security updates. There wasn’t a lot of fanfare, but there was reflection on how this new, regular process improved security for Microsoft customers and for security practices in the industry overall. Larry Seltzer and Andrew Storms both give a good… Read More


Apple says it’s not snooping on iMessages, dismisses ‘theoretical vulnerabilities’

Security research firm QuarksLab recently dropped a bombshell on iOS users with a presentation at the Hack in the Box conference that described how Apple could read your encrypted iMessages. While the method described is complex, what QuarksLab showed in a nutshell is that while messages sent through Apple’s text message replacement service are encrypted… Read More


Microsoft forks over $100,000 bounty to hacker for exposing Windows security flaw

Here’s one way to make a quick $100,000: Find security flaws in Microsoft products. That’s how much James Forshaw, a security researcher at Context Information Security, just made for finding a new exploitation technique in Windows 8.1. Forshaw previously made $9,400 for finding bugs in a preview release of Internet Explorer 11. This is the first… Read More


Yahoo now offering bug bounty of up to $15,000 following harsh criticisms for $12.50 gift

There’s nothing like a whole lot of bad press to get things moving. Yahoo touched off a firestorm on Tuesday when security firm High-Tech Bridge issued a grumpy press release detailing their compensation for turning in a pair of security vulnerabilities: a $25 gift certificate, good for products available in Yahoo’s company store. Compared to… Read More


Researchers find critical vulnerabilities in Yahoo’s site, offered $12.50 per bug

Yahoo may be in the midst of a reinvention, but according to one security company, their compensation for turning in security flaws is…lacking. According to security firm High-Tech Bridge, they found serious cross-site scripting (XSS) flaws in Yahoo’s platform, and submitted them to the search company so that Yahoo could patch the holes. But High-Tech… Read More


Microsoft announces general availability of multi-factor authentication for Azure

Software developers, want to make sure your Windows Azure logins are extra double secure? Well, now you can. Microsoft is continuing its push to make it easier to create secure cloud offerings by incorporating multi-factor authentication into its Windows Azure platform. That means developers can now build applications that incorporate multi-factor security, make VPNs more… Read More


More transparency: Microsoft not satisfied with government’s new security request plan

Back when the NSA’s snooping practices were revealed in June, Microsoft joined fellow tech giants Google and Facebook in asking the U.S. government for more transparency in regard to government requests for national security information. Late Thursday, the government responded with a plan to release annual reports detailing its requests for customer security data. Microsoft, however, isn’t satisfied and plans to… Read More


Apple slowly bringing developer resources back online following security breach

Following a security breach last week that closed down its developer website, Apple is slowly returning functionality to its tools for developers. The company has created a system status page that shows whether or not a particular service is online. Currently, iTunes Connect and the company’s bug reporter are online, and the current maintenance message… Read More


Microsoft helping Twitter crack down on child pornography with PhotoDNA technology

Microsoft helped Facebook fight against child pornography, and now the Redmond software giant is lending a hand to Twitter, too. The Guardian reported this morning that Twitter is set to implement Microsoft’s PhotoDNA technology this year to block out child pornography photos from its service. PhotoDNA, developed in conjunction with Dartmouth College, derives what amounts to… Read More


Report: Microsoft allowed NSA to bypass encryption for access to Outlook emails, Skype conversations

Throughout the year, Microsoft has lambasted Google and accused them of shady privacy policies via its “Scroogled” campaign. But now, new top-secret documents given to The Guardian by Edward Snowden shows how it was actually Microsoft allowing the NSA and FBI access to user data from platforms like Outlook, SkyDrive and Skype. Microsoft and other tech giants… Read More


Report: Flaw in Android’s security model leaves 99% of devices vulnerable to attack

UPDATE: According to a report by IDG News Service, Google has patched the Google Play store so that trojans attempting to exploit this flaw can’t be downloaded from its store. However, those same protections don’t extend beyond Google’s store. Android users, beware: there’s a very high chance you’re vulnerable to a trojan horse that could… Read More


Microsoft will pay you $150,000 to fend off hackers and find security flaws in its software

Calling all hackers: Microsoft wants your help and will pay you some big bucks for it. Starting June 26, the Redmond software giant today will debut three “bug bounty” programs that encourage computer engineers to help the company keep its products safe from a security standpoint both before and after launch. The “Mitigation Bypass Bounty,” will award $100,000… Read More


Now under scrutiny: Microsoft’s early security disclosures to U.S. officials

In the realm of tech companies cooperating with the US government, it seems that when it rains, it pours. Following revelations about Verizon giving phone data to the NSA and the NSA’s wide-reaching data collection operation, the floodgates of anonymous government sources have been opened. Almost every day there’s some new revelation about how a… Read More


Microsoft wants government to provide more transparency for security requests

Microsoft is now joining fellow tech giants Google and Facebook in asking the U.S. government for more transparency in regard to government requests for national security information. Microsoft issued this statement a short while ago, noting that it would like to provide more information than what showed up in the company’s 2012 Law Enforcement Request Report published last March…. Read More