Online Safety

Microsoft blacklists latest rogue SSL certificates, Mozilla mulls sanctions for issuer

Microsoft revoked trust in an intermediate CA certificate that was used to issue unauthorized certificates for Google websites

Flash-based vulnerability lingers on many websites three years later

A large number of developers have failed to patch their Flash applications against a vulnerability that can be exploited to target Web users


All major browsers hacked at Pwn2Own contest

Adobe Reader and Flash Player fell as well

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

The devices have serious flaws that enable unauthorized remote access and DNS hijacking, a researcher found

IT manager gets certificate for Microsoft domain, tries to report it but gets in trouble

He tried to alert the company in January, but the company never got his emails, and later suspended his Microsoft account

EMET security tool updated to prevent VBScript God Mode attacks

Microsoft was forced to release EMET 5.2 again because customers experienced issues with the first variant

Microsoft blacklists fraudulently issued SSL certificate

An unauthorized party managed to obtain an SSL certificate for Microsoft's live.fi domain name

Yahoo's new on-demand password system is no replacement for two-factor authentication

The new authentication option offers better security than static passwords, but it's not as strong as two-step verification

Hackers

The Internet of Dangerous Things

The Internet of Dangerous Things is made up of Things that Annoy, Things that Spy and Things that Destroy. Dealing with these dangerous things will require a unique security architecture referred to as 'Fault Lines and Fuses'...

Tool allows account hijacking on sites that use Facebook Login

Attackers can force users to associate their accounts on other sites with malicious Facebook accounts

lenovo superfish how to remove

Web Browsers Also to Blame for Lenovo's Superfish Fiasco

That no Web browser prominently displays the name of the Certificate Authority vouching for a supposedly secure website makes man-in-the-middle attacks, such as the one by Superfish, possible. Techies can find this information, but it...

Adobe invites help hunting vulnerabilities in its online services

The company offers no bounties, just public kudos

Some Bitdefender products break HTTPS certificate revocation

This allows man-in-the-middle attackers with access to revoked, but otherwise valid, certificates to manipulate encrypted traffic

Europol and security vendors disrupt massive Ramnit botnet

The operation seized command-and-control servers and Internet domains used by the Ramnit gang

Facebook fixed 61 high-severity flaws last year through its bug bounty program

The company paid US$1.3 million to 321 outside security researchers in 2014

'Secure' advertising tool PrivDog compromises HTTPS security

The tool replaces SSL certificates without validating them first, opening the door to man-in-the-middle attacks

Superfish security flaw also exists in other apps, non-Lenovo systems

A third-party, man-in-the-middle proxy used by Superfish is also used in other apps

Lenovo admits to Superfish screw-up, will release clean-up tool

The company confirmed that a software program preloaded on some of its laptops exposes users to potential attacks

Google Cloud offers security scanning for customer apps

The Google Cloud Security Scanner can ferret out XSS and mixed-use vulnerabilities

Lenovo PCs ship with adware that puts computers at risk

Superfish software installed on Lenovo computers uses a self-generated root certificate to intercept HTTPS communications
