How Unicode reading direction characters defeat source code inspection, and what it means for the open-source movement

There's been a recent scare that Unicode reading direction characters could be used to conceal malicious code in open-source projects. This is undoubtedly true, but that fact doesn't make it significantly harder to ensure the security of open-source code than it already is.

Categories: software development, security

Juice-jacking -- it's a problem, but not because it's a problem

Juice-jacking is the alleged practice of getting unauthorized access to the contents of a cellphone by subverting public USB charging points. It doesn't happen, and probably never has; so why has there been a recent increase in scare stories?

Categories: science and technology, security

that library?

What can the software industry learn from the Log4J security debacle?

Categories: software development, Java, security

UTF-8 and the problem of over-long characters

How an oddity in the way UTF-8 encoding works can cause all sorts of problems for unwary developers, including security weaknesses.

Categories: software development, security

Does the use of custom Android ROMs improve or worsen security?

This question is not particularly easy to answer, but understanding the implications helps.

Categories: general computing, security