Online safety

News, blogs, analysis, tips, discussion and how-to about online safety.

News

Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say

TLS clients are also vulnerable to Heartbleed memory leaking attacks, including server-side applications that fetch user-supplied URLs Full Story »
News

Website Operators Will have a Hard Time Dealing with the Heartbleed Vulnerability

Patching the vulnerable OpenSSL software is just the first step, security experts say

News

Yahoo email anti-spoofing policy breaks mailing lists

Yahoo moved to a more aggressive DMARC policy that creates email delivery issues on mailing lists for yahoo.com users, email experts said

News

Low Adoption Rate of HSTS Website Security Mechanism is Worrying, EFF Says

The advocacy group cites insufficient awareness among developers and lack of support across all browsers as the likely reasons

News

XSS Flaw in Popular Video-sharing Site Enabled DDoS Attack Through Visitors' Browsers

Attackers exploited the vulnerability to hijack 22,000 browsers and launch a large-scale DDoS attack, researchers from Incapsula said

News

Microsoft to Start Blocking Adware That Lacks Easy Uninstall

The company revised the policies for classifying, detecting and handling adware programs in its security software

News

Google Amends Terms to Clarify That Data is Analyzed for Ads

The company seeks to add greater clarity around its scanning of data such as email content

News

Users Face Serious Threat As Hackers Take Aim At Routers, Embedded Devices

Attacks are likely to continue and manufacturers are largely unprepared to respond, security researchers say

News

Researchers Publicly Disclose Vulnerabilities in Oracle Java Cloud Service

The flaws could allow attackers to break into Java applications hosted on the service, researchers from Security Explorations said

News

Hacked passwords can enable remote unlocking, tracking of Tesla cars

Tesla Motors accounts that enable remote car control are only protected by six-character passwords, researcher says

News

Full Disclosure Security Mailing List Reborn Under New Management

Nmap creator sets up a replacement for the recently closed Full Disclosure security mailing list

News

Gameover Malware Targets Accounts on Employment Websites

In addition to CareerBuilder, new variants of the Trojan program target Monster.com, researchers from F-Secure said

News

New Bitcrypt Ransomware Variant Distributed By Bitcoin Stealing Malware

Victims are asked to make bitcoin payments to recover encrypted files after their bitcoin wallets might have already been emptied

News

Proprietary Firmware Poses a Security Threat, Ubuntu Founder Says

Hardware manufacturers should move the software part of their innovations into the Linux kernel, Mark Shuttleworth said

News

Bitcoin-Stealing Malware Hidden in Mt. Gox Data Dump, Researcher Says

An archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who compromised the blog of Mt. Gox CEO Mark Karpeles also contains bitcoin-stealing malware for Windows and Mac.