TweakTown

iOS contained security flaw that failed to validate SSL

Apple quietly provided iOS 7.0.6 update to fix a vulnerability issue in an SSL connection verification. Many security experts concluded that there's a major security flaw found in the OS. End users ...
Threat Post

CERT/CC Enumerates Android App SSL Validation Failures

The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS. A growing ...
Threat Post

Renewed Attention on Android Apps Failing SSL Validation

CERT researcher Will Dormann presented an update on his research looking at Android apps that fail to validate SSL; Google meanwhile, says it will get stricter with enforcement. SAN FRANCISCO – ...
CSOonline

Researchers propose TLS extension to detect rogue SSL certificates

A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently-issued SSL certificates. Called TACK ...
Network World

Security analysis of mobile banking apps reveals significant weaknesses

A security analysis of mobile banking apps for iOS devices from 60 financial institutions around the world has revealed that many were vulnerable to various attacks and exposed sensitive information.