It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years have seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]
Tag Archives: Web Security
US-CERT Warns of Issues With DNS Zone Transfer Requests
The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers vulnerable to the issue. The problem […]
As Ransomware Attacks Evolve, More Potential Victims Are at Risk
In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted […]
New SMB Flaw Affects All Versions of Windows
There is a serious vulnerability in all supported versions of Windows that can allow an attacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. The bug is related to the way that Windows and other software handles some HTTP requests, and researchers say it affects […]
Coordinated Takedown Puts End to Simda Botnet
A coordinated operation between international police and private technology companies shuts down the Simda botnet.
GitHub Attack Perpetrated by China’s Great Cannon Traffic Injection Tool
The Great Firewall’s offensive counterpart, the Great Cannon, which injects malicious scripts to reroute traffic, is responsible for recent massive DDoS attacks targeting GitHub and GreatFire.org.
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether; Apple has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released […]
Apple iOS 8.3 Includes Long List of Security Fixes
Apple has released iOS 8.3, a major security upgrade for iPhone and iPad users that includes patches for more than three dozen vulnerabilities. The new version of iOS has security fixes for several vulnerabilities in the mobile operating system’s kernel, a handful of code-execution bugs and a long list of WebKit vulnerabilities. Apple also patched […]
New Coalition Launches Fight Against Patriot Act Section 215
A broad group of civil-rights, technology and political groups from across the spectrum has developed a new initiative to advocate for the repeal of Section 215 of the USA PATRIOT Act, the part that provides the authority for the bulk collection of phone metadata and other information. The new group is calling itself Fight215.org and […]
Two NTP Key Authentication Vulnerabilities Patched
DHS warns of two symmetric key authentication vulnerabilities in the NTP protocol that were patched this week.