Posts Tagged ‘dhs’

Even DHS Blindly Accepts Invalid SSL Certificates

Via Forbes: On page 37, DHS instructs analysts to accept invalid SSL certificates forever without verification. Although invalid SSL warnings often appear in benign situations, they can also signal a man-in-the-middle attack. Not a good practice for the security conscience. I think that’s grounds for termination by incompetence for whomever was behind that. DHS Phishing […]

DHS helping to secure open-source software

CNet News is reporting that Homeland Security is sponsoring an effort to secure open source software. According to the article: In the effort, which the government agency calls the “Vulnerability Discovery and Remediation, Open Source Hardening Project,” Stanford and Coverity will build and maintain a system that does daily scans of code contributed to popular […]