Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all of their publicly accessible Web sites […]
Tag Archives: Web Security
Toshiba Addressing Vulnerabilities in its Retail Software
Toshiba has eliminated a hard-coded cryptographic key in its CHEC software, but is dealing with an information-disclosure bug in its 4690 operating system.
Bug Bounties in Crosshairs of Proposed US Wassenaar Rules
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., those initiatives could be adversely impacted.
Researcher Finds CSRF Bug in Wind Turbine Software
Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher has discovered a cross-site request forgery vulnerability in the operating system that runs […]
Threatpost News Wrap, June 5, 2015
Dennis Fisher and Mike Mimoso discuss Facebook’s moves toward encrypted notifications and SHA-2 usage, the audit of GitHub SSH keys and the awesome OpenSesame garage door hack from Samy Kamkar.
Rights Groups Call for More Change Two Years After Snowden Revelations Began
It’s been two years now since the first stories about NSA surveillance capabilities began to appear, and the environment has shifted dramatically in that time. Awareness of and resistance to mass surveillance has increased greatly, but the changes to policy and laws that many observers had hoped for haven’t necessarily emerged. A new report from Privacy […]
Phishers Going the Long Way Round to Avoid Filtering Systems
Any human with an email address likely has gotten thousands of spam messages that look like delivery notifications, invoices, or other alleged communications from shipping companies such as UPS or DHL. They typically contain malicious attachments with exploits for a browser or plug-in vulnerability, but a researcher at the University of Cambridge has run across […]
Adware-Laden Skype Botnet Disrupted
The latest campaign to leverage Skype – a botnet circulating adware, composed entirely of Skype users – was recently disrupted by researchers.
Tesla Motors Starts Bug Bounty–But Not For Its Cars
Tesla Motors has started a bug bounty program that will pay researchers up to $1,000 for disclosing vulnerabilities. However, the rewards don’t apply to bugs found in the company’s vehicles. The program’s scope is quite narrow, with only the main teslamotors.com domain and other domains owned by the company being legitimate targets. The company’s shopping site […]
Privacy Proponents Rally In Favor of Tracking Protection in Firefox
Privacy advocates are calling on Mozilla to better deploy Tracking Protection, a technology that offers more stringent privacy and speeds up page loads by blocking requests to tracking domains, in its Firefox browser.