Monday, June 2, 2014

Application security in the news

PCWorld has a story this morning noting that "Nice Systems of Israel said it patched remaining critical flaws in its call recording software used by law enforcement, but the consultancy that discovered the risky flaws hasn’t verified the fixes."

"The firm’s advisory describes nine vulnerabilities in Recording eXpress, six of which were ranked as serious. Some of the flaws could allow attackers to access call recordings and crack open a database showing the names of people whose calls are being monitored, which could potentially wreck a law enforcement investigation.

Over the course of three months earlier this year, Nice Systems patched a few of the problems, but some remained. Last week, SEC Consult went public with its findings, warning organizations to not use the software until at least five outstanding issues were fixed."

So, not only do you have to worry about validation of your tools, you should also be concerned about application security ... especially when your applications contain sensitive or personal information.

No comments: