WhatsApp, a massively popular messaging app, recently added end-to-end encryption for some mobile clients, a move that brings a high level of security to millions of users. The change is the result of a partnership with Open Whisper Systems, the secure text and mobile OS company started by security researcher Moxie Marlinspike. Twitter acquired Open […]
Tag Archives: Web Security
Matsnu Botnet DGA Discovers Power of Words
The Matsnu botnet has deployed a new domain generation algorithm that builds domain names from a list of nouns and verbs. The plain English phrases help the DGA elude detection.
Microsoft Releases Critical Out-of-Band Patch for Kerberos Bug
UPDATE–Microsoft on Tuesday released a rare out-of-band patch for a critical vulnerability in several versions of Windows and Windows Server, including Windows 8 and 8.1. The MS14-068 vulnerability is a flaw in the Kerberos implementation in Windows that could enable an attacker to elevate his privileges on a machine from user to administrator. The bug is […]
Cisco Releases Security Analytics Framework to Open Source
Cisco’s OpenSOC, a security analytics framework, has been released to open source.
IAB Urges Designers to Make Encryption the Default
The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet’s key standards, has recommended that encryption be the default traffic option for protocols. The recommendation comes after more than 18 months of revelations about the pervasive surveillance activities online by intelligence agencies. The IAB is part of the […]
Visa, MasterCard Removing Passwords from 3D Secure
Visa and MasterCard announce plans to discontinue password use on 3D Secure, Verified by Visa and SecureCode secure payment platforms.
AT&T Drops Controversial Tracking Header
When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble information on their activities. Now, AT&T says it has ended the practice. AT&T officials […]
Issues Arise With MS14-066 Schannel Patch
Some users who have installed the MS14-066 patch that fixes a vulnerability in the Schannel technology in Windows are having issues with the fix causing TLS negotiations to fail in some circumstances. The problem arises when users have TLS 1.2 enabled in certain configurations and it will sometimes cause processes to hang or become unresponsive from […]
Threatpost News Wrap, November 14, 2014
Mike Mimoso and Dennis Fisher talk about the Windows Schannel vulnerability and whether it’s ripe for mass exploitation, as well as the WireLurker attack and why Apple hasn’t addressed it.
Microsoft Considering Public-Key Pinning for Internet Explorer
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]