12. October 2016 08:25
Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program.
Obfuscation may involve encrypting some or all of the code, stripping out potentially revealing metadata, renaming useful class and variable names to meaningless labels or adding unused or meaningless code to an application binary. A tool called an obfuscator can be used to automatically convert straightforward source code into a program that works the same way, but is much harder to read and understand.
Another reason for obfuscating code is to prevent it from being attacked. Programs written in compiled languages, such as C or C++, lend themselves to obfuscation. Unfortunately, malicious code writers who want to hide or disguise their code's true purpose also use obfuscation to prevent their malware from being detected by signature-based antimalware tools. Deobfuscation techniques, such as program slicing, can sometimes be used to reverse engineer obfuscation.
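To make the "works the same way, but is much harder to read" point concrete, here is an added example (not taken from the original post or from any real obfuscator) that performs two of the transformations named above, renaming variables to meaningless labels and stripping docstrings and comments, on a constructed sample function. It assumes Python 3.9+, positional calls only, and source that does not already use names of the form `_0`, `_1`; the `Renamer`, `obfuscate` and `call` names are hypothetical.

```python
import ast
import builtins

# Constructed sample input: readable source with a docstring and a comment.
SAMPLE = '''
def monthly_payment(principal, annual_rate, months):
    """Return the fixed monthly payment for a loan."""
    monthly_rate = annual_rate / 12          # rate per period
    growth = (1 + monthly_rate) ** months
    return principal * monthly_rate * growth / (growth - 1)
'''

class Renamer(ast.NodeTransformer):
    """Rename parameters and variables to meaningless labels; drop docstrings."""
    def __init__(self, keep):
        # keep: names that must survive; mapping: original name -> label
        self.keep, self.mapping = keep, {}
    def _label(self, name):
        if name in self.keep:
            return name
        return self.mapping.setdefault(name, f"_{len(self.mapping)}")
    def visit_FunctionDef(self, node):
        # A docstring is revealing metadata: remove it, keeping the body valid.
        if ast.get_docstring(node) is not None:
            node.body = node.body[1:] or [ast.Pass()]
        return self.generic_visit(node)
    def visit_arg(self, node):
        node.arg = self._label(node.arg)
        return self.generic_visit(node)
    def visit_Name(self, node):
        node.id = self._label(node.id)
        return node

def obfuscate(source):
    """Return (obfuscated_source, mapping). Comments vanish in the AST round trip."""
    tree = ast.parse(source)
    # Builtins, function/class names (the public API) and imports keep their names.
    keep = set(dir(builtins))
    for n in ast.walk(tree):
        if isinstance(n, (ast.FunctionDef, ast.ClassDef)):
            keep.add(n.name)
        elif isinstance(n, ast.alias):
            keep.add((n.asname or n.name).split(".")[0])
    renamer = Renamer(keep)
    return ast.unparse(renamer.visit(tree)), renamer.mapping

def call(source, func, *args):
    """Execute source in a fresh namespace and call one of its functions."""
    namespace = {}
    exec(source, namespace)
    return namespace[func](*args)
```

Printing `obfuscate(SAMPLE)[0]` shows the same arithmetic with every descriptive name gone, which is why a reviewer has to follow data flow rather than read identifiers.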
7. September 2016 09:44
The 3 big takeaways for TechRepublic readers
1. A recent study by Softchoice has shown that less than 1% of enterprise organizations have upgraded their Windows devices to Windows 10, even a full year after the OS was released.
2. Most businesses were still running Windows 7, according to the study, as Windows 8 also saw poor adoption rates after its release.
3. A plethora of concerns over privacy and functionality, combined with the effort it takes to upgrade a whole organization, likely led to the low adoption numbers for Windows 10.
For more details, click on http://www.techrepublic.com/article/99-of-businesses-have-not-upgraded-to-windows-10-according-to-study/?ftag=TREe09998f&bhid=10269272
6. September 2016 16:41
A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.
Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.
Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1. In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.
While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to a few dozen researchers.
Copyright 2016 TechTarget