Online Safety

Online safety

Some Bitdefender products break HTTPS certificate revocation

This allows man-in-the-middle attackers with access to revoked, but otherwise valid, certificates to manipulate encrypted traffic

Europol and security vendors disrupt massive Ramnit botnet

The operation seized command-and-control servers and Internet domains used by the Ramnit gang


Facebook fixed 61 high-severity flaws last year through its bug bounty program

The company paid US$1.3 million to 321 outside security researchers in 2014

'Secure' advertising tool PrivDog compromises HTTPS security

The tool replaces SSL certificates without validating them first, opening the door to man-in-the-middle attacks

Superfish security flaw also exists in other apps, non-Lenovo systems

A third-party, man-in-the-middle proxy used by Superfish is also used in other apps

Lenovo admits to Superfish screw-up, will release clean-up tool

The company confirmed that a software program preloaded on some of its laptops exposes users to potential attacks

Google Cloud offers security scanning for customer apps

The Google Cloud Security Scanner can ferret out XSS and mixed-use vulnerabilities

Lenovo PCs ship with adware that puts computers at risk

Superfish software installed on Lenovo computers uses a self-generated root certificate to intercept HTTPS communications

Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Websites will now be able to instruct the browser to always reach them over HTTPS

VirusTotal tackles false positive malware detections plaguing antivirus and software vendors

VirusTotal is gathering file metadata from trusted software makers to integrate in its online scanning engine

Attackers exploit zero-day flaw in popular WordPress plug-in

Users should install newly released security patches or remove the affected plug-in

Dangerous IE vulnerability opens door to powerful phishing attacks

The flaw can be used to steal authentication cookies and inject rogue code into websites

Flash Player plagued by third zero-day flaw in a month, updates coming

Users are being targeted via mass malvertising attacks again, researchers warn

Google will motivate bug hunters to keep probing its products with research grants

The company seeks new ways to incentivize researchers as bugs become harder to find

The end for 1024-bit SSL certificates is near, Mozilla kills a few more

Website owners still using 1024-bit SSL certificates should replace them with 2048-bit ones

Mozilla puts old hardware to new use, runs Tor relays

The organization opted for running middle relays, although exit relays would have probably helped the anonymity network more

'Mastermind' Hacker Steals 20 Million Credentials From Dating Website

User names and email passwords filched

Kim Dotcom ready to take on Skype with end-to-end encrypted video calling service

MegaChat opens up for public testing

Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Future Java 7 security patches will not be publicly available so users should migrate to Java 8

invisible

How to Remain (Mostly) Invisible Online

While complete anonymity these days is nearly impossible, experts have some tips, and tools, they recommend for maintaining privacy and keeping your digital footprint as minimal as possible

Load More