In an effort to expand its certificate authority capabilities and build the “foundation of a more secure web,” Google has finally launched its root certificate authority.
In past few years, we have seen Google taking many steps to show its strong support for sites using HTTPS, like:
Giving more preference to HTTPS websites in its search rankings than others.
Warning users that all HTTP
A critical vulnerability has been discovered in PHPMailer, which is one of the most popular open source PHP libraries to send emails used by more than 9 Million users worldwide.
Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla comes with PHPMailer library for sending emails using a variety of methods, including
As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software.
The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites.
The vulnerability, reported by Robert Święcki of the Google Security Team on
A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.
The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.
But How? First of all, do you know, the traditional Digital Certificate
If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.
HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as
The extraordinary ‘Panama Papers leak’ from Law firm Mossack Fonseca that exposed the tax-avoiding efforts by the world’s richest and most influential members was initially believed to be the result of an unpatched vulnerability in the popular open source Drupal content management system.
Now, we are quite sure that the Panama Papers, which implicated 72 current and former heads of state, was
With the growing number of cyber attacks and data breaches, a significant number of companies and organizations have started Bug Bounty Programs to encourage hackers and security researchers to find and responsibly report bugs in their services and get a reward.
Now, even pornography sites are starting to embrace bug bounty practices in order to safeguard its user’s security.
<!– adsense –>
OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.
OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web
On Tuesday Google flipped the switch on default HTTPS support for its blog publishing service Blogspot, upping the security ante for millions of its bloggers.
In Brief
Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data.
But, now Google has updated its browser’s User Data Policy requiring all Chrome extension and app developers to disclose what data they collect.
Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use
