It’s that time of the week again: the time where we take a look at what local security bloggers have been up to. If you can’t get enough of the local security scene, check out our NovaInfosec Twits list for even more great security blogs and people to follow on Twitter.
Also be sure to follow me (@nathiet), @grecs, and @novainfosec on Twitter if you want to know more about what’s going on in the local security community during the week. Without further ado, here are the top picks for this week.
#3 - Revisiting Android TapJacking: Recently we have had more jacking vulnerabilities, and surely we didn’t need another one. Jack Mannino looks at TapJacking (“TapJacking is a relatively easy vulnerability for a malicious application to leverage in Android prior to version 2.3 (Gingerbread).”) to raise awareness and provide developers with a friendly reminder that they are still on the hook to defend against this in their applications. Click here to learn more about TapJacking.
#2 - Misunderstanding Risk Analysis: With the stir that the “Understanding and Managing Risk in Security Systems for the DOE Nuclear Weapons Complex” report caused, Ben Tomhave looks at the misunderstandings and summarizes them for us: “The fundamental problem with the report is that it seems to be both misleading and misinformed.” Click here if you want to read more of his post, and just for good measure we have included the post that inspired him to write about the report here.
#1 - The Marginal Utility of Breach Data: How do you use data breach reports? Ben Tomhave looks at the “reality” of data breach reports, whether they are from Verizon DBIR or White Hat Security and Veracode: “data is not collected through some form of population sampling, but rather the data is ‘self-selected’ by virtue of an incident occurring”. Click here to read the post, as important issues are raised by Ben Tomhave.
Well, that’s all for this week. Be sure to check back next week for more great blog posts from local security bloggers.