Blog

Mindgrub is an exciting, busy place. We have a wide array of projects going on at any one time, and that means lots of work for the Quality Assurance (testing) department. Simply put, managing testing resources for a constant stream of projects is a complicated task. With the rush of fluctuating deadlines, progress reports, and demands on resources’ limited time, it’s possible for some testing tasks to slip through the cracks—and that’s never acceptable.

It seems like just yesterday we traveled cross country to the little town of Portland for the annual U.S. Drupalcon.  As we left Baltimore on Sunday morning, we could tell we weren’t the only ones going out to Drupalcon.  There were quite a few travelers on the plane with “nice nodes” T-shirts or carrying enough technology with them to run what seemed like a mobile production studio.  As even more Drupal devs joined our flight in Salt Lake City, I knew I was going to the right place.

In part 1 of this series I focused on a very simple locking down of copy and paste in iOS.  Replying NO to canPerformSelector: simply removes the ability to copy and paste from the menu that appears.  Needless to say that can be a little inelegant.  Preventing data leakage can be a good thing but making your app difficult to use is not.

System wide copy and paste is built into most of the stock iOS controls without the developer having to do any extra work to enable the feature.  Sometimes for security purposes you may wish to lock down the functionality (to not allow copy and paste at all) or disallow copying and pasting between your app and other apps that may be on the device.

• According to Fox News, almost every website in existence has approximately 56 security flaws waiting to be exploited.  Additionally, the average response time to fix one of these vulnerabilities is 193 days.
• How safe are the websites that advertise “Secured by Norton” or “Paypal Verified”?  Troy Hunt has an interesting article about what the logo really means.
• An MIT professor and RSA em

• Last week we saw Living Social get hacked where the attackers made off with usernames and “cryptographically scrambled” passwords.  This week, Ars Technica reports on why we SHOULD worry about this attack.  HINT:  LinkedIn had over 6 million “cryptographically scrambled” passwords stolen last year.  Security researchers cracked 90% of them in 6 days.

I started growing Mindgrub in 2007 from my basement in Baltimore, when the iPhone was first released.  Since that time we have grown to 50 employees, made over 75 Apps for iPhone, Android, Blackberry and Windows, and learned a tremendous amount along the way.  In the early years, putting a cool app in the store was all you needed to do.  But now with Millions of apps available for download,

• Security Researchers found a couple of malware applications on the Google Play store.  The apps have over 9 million downloads.
• Krebs on Security is reporting from multiple sources that online Tea retailer Teavana has been hacked.  The attackers are said to have made off with credit and debit card information.

• Tim Medin has a nice post about putting the MY in phpMyAdmin.  How many of you have phpMyAdmin on your servers?
• I make it a policy to never scan QR codes.  You never know what might happen.

• Scribd got hacked this week putting almost 1 million passwords at risk.  If you use Scribd, you should update your password.
• The National Institute of Standards and Technology is working on putting together a Cybersecurity Framework.  The President would like you to provide insight as well.