LAS VEGAS–The Internet that we use today was not designed as a cohesive network. It was put together from found bits and pieces over the course of the last few decades, and, as major bugs such as Heartbleed and others have shown, it’s a frighteningly fragile construction. Attackers know this as well as anyone, and […]
Tag Archives: Web Security
DigiCert Considering Certs for Hidden Services Beyond Facebook
DigiCert explains why it issued a signed certificate to Facebook’s .Onion Tor domain, noting it may offer more hidden services certs in the future.
Be Ready: Next Internet Bug Won’t Be The Last
Panelists at the Advanced Cyber Security Center annual conference discuss how readiness for the next Internet-scale bug is no longer a luxury.
NSA Director Says Agency Shares Vast Majority of Bugs it Finds
When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it’s typically deployed, before deciding whether to share the new bug. The agency shares most of the bugs […]
Google Releases Nogotofail Tool to Test Network Security
The last year has produced a rogues’ gallery of vulnerabilities in transport layer security implementations and new attacks on the key protocols, from Heartbleed to the Apple gotofail flaw to the recent POODLE attack. To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a […]
Facebook Creates .Onion Site; Now Accessible Via Tor Network
Facebook has entered the hidden services with a new .onion site that will let Tor Network users sign into the world’s (second) most populace social network.
Google Working on Tool to Gather Stats While Preserving Privacy
Google is working on a new system that enables the company to collect randomized information about the way that users are affected by unwanted software on their machines, without gathering identifying data about the users. The system is known as RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response) and Google currently is testing it in Chrome. The […]
Assume ‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15
The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised.
Popular Science Website Infected, Serving Malware
The website of Popular Science magazine was found infecting users with malware via the RIG exploit kit.
Microsoft Plans to Disable SSLv3 in IE, All Online Services
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into sharper focus earlier […]