‘Padding Oracle’ Crypto Attack Affects Millions of ASP.NET Apps

Apple’s secret ‘wispr’ request

Automated Padding Oracle Attacks with PadBuster

Cell Phones Powered by Conversation?

Consumerization and Corporate IT Security

Exploring Stuxnet’s PLC Infection Process

Feature: Compromising Twitter’s OAuth security system

Hackers blind quantum cryptographers

How dangerous is image file metadata?

Iceberg – Dead Ahead

Implementing two Factor Authentication on the Cheap, (Tue, Sep 21st)

Integrity Levels and DLL Injection

Is that Bill Gates staring back at you from Outlook 2010?

IT Security Workers Are Most Gullible of All: Study

Making Penetration Testers Lives Awful

Malware Analysis and Response Step by Step Decision Tree

Not every elliptic curve is the same: trough on ECC security

Prior Knowledge Of User’s Cert Warning Behavior

Product management and organization

Researcher Claims ‘Evercookie’ Can’t Be Removed

Security issues on Android

Setting a Bad Example: How Not To Validate User Input

SIP / VoIP Firewall: Differencies between Telephony and Security world

Spammers Introduce New Email Internet Headers

Static Analysis Fatigue

The brain speaks: Scientists decode words from brain signals

The Effect of Snakeoil Security

The names and faces behind the ‘onMouseOver’ Twitter worm attack

Thoughts on ‘Cyber Weapons’

Website Security Statistics Report (2010) – Industry Bechmarks

What to do if your Facebook profile has been hacked

Why do you spend time verifying vulnerability reports?

Why Not Mix Signed and Unsigned Values in C/C++?