Archives Jason Macy

Protecting Against OAuth Hacks

Date posted: November 18, 2016

In the latest reported OAuth 2.0 hack, entitled “One OAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed”, it has been discovered that:

“…A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile app account without any knowledge of the legitimate user…”

Why API Management Caught Google’s Eye

Date posted: October 27, 2016

Anytime one of the world’s largest and most innovative brands puts more than a half-billion dollars into an M&A deal, the market sits up and takes notice. But, when the deal involves one of the key players in the API Management space, well, it takes on an added significance.

It has been a little more than a month since Apigee announced its acquisition by Google for $625 million. What does the event mean to the broader industry – for us here at Forum Systems?

OPM Breach Proves Einstein Cybersecurity Not Enough

Date posted: June 8, 2015

It should come as no surprise to anyone that a major breach has occurred at OPM and took many months to detect. For far too long the cybersecurity industry has focused on trying to understand a network through heuristics and analytics without the capability to enforce what the systems in the network are actually meant to do, and what information they are meant to receive and send.

OpenSSL Security Vulnerabilities and other C-based Risks

Date posted: April 11, 2014

One of the most significant OpenSSL security vulnerabilities is the latest Heartbleed OpenSSL security flaw (CVE-2014-0160). This OpenSSL security vulnerability is yet another reaffirmation that usage of C-based security modules by an enterprise company greatly increases its risk. You can be certain that IT security folks out there felt that they were making the right architectural decisions to secure the enterprise. The problem isn’t the intent; the problem is the premise. Wrapping applications in security band-aids is not a sound enterprise risk mitigation strategy. Sure, Apache and OpenSSL are widely available and have been around for a long time, but look where it has led us.
