security


Security warning for all versions of Internet Explorer

The US Department of Homeland Security posted a warning of vulnerabilities in Microsoft’s Internet Explorer web browser on their US-CERT website. The vulnerabilities could allow an attacker to execute an unauthorized remote code execution  on versions 6-11 of Internet Explorer. The Department …

Tagged , ,

Bots now outnumber humans on the internet

It may be slightly terrifying to note that you’re never truly alone when searching the internet anymore. Sure, hundreds of millions of people may be surfing the web at the same time you are, but there are now currently even …

Tagged , ,

Mozilla Firefox 23 to take a hard line against mixed SSL web content

Mozilla Firefox 23 is taking a stance against a common bad practice of websites providing mixed secure SSL and non-SSL content on a web page. This update is actually a big change for the web browser. Many browsers have ignored …

Tagged , , ,

Google Responds to Data Privacy Day

Every January 28th is Data Privacy Day in order to bring awareness to user privacy and protection of information online. Last week, Google released its bi-annual Transparency Report outlining requests for user data as well as how often Google will …

Tagged , , ,

Does proper grammar hurt cyber security?

Ashwini Rao, a Ph. D student, and her team at the Institute of Software Research discovered that using proper grammar in your passwords is a bad idea–one that weakens your security online. In the article, Stop using proper grammar, its making your passwords …

Tagged ,

Mozilla to help developers with an open-source, security-testing framework

Mozilla is building an open-source security tool that is designed to aid developers build more secure applications and websites. Security has always been a top priority for Mozilla, but they are now expanding their practice with a direct, security tool. …

Tagged , , ,

The “Do Not Track” Advertisement Blocker Not Blocking

It has been almost a year since advertisers, browser makers, privacy advocates and the Obama administration agreed to create a “Do Not Track” option for web site visiters, the functionality is not close to reality. Nor are the various constituents …

Tagged , , ,

The Web Security protocol, HSTS, wins its Proposed Standard Status

Web sites complying with the policy will automatically prompt browsers to interact with the site over a secure connection. A Web security protocol designed to protect Internet users from Internet hijackings due to unencrypted Web sites has won approval as …

Tagged , ,

Fifty percent of web spam knocked out

A large, coordinated attack by web firms, Internet security companies and ISPs against the “the Grum botnet” may have resulted in an amazing victory. The Grum botnet was one of the leading email spam sources in the world–generating around 18 billion …

Tagged ,

Gmail users are warned about state sponsored web attacks

Google has been warning it’s Gmail users of potential ‘state sponsored’ web attacks. The search giant has been explicit in describing the attacks as state sponsored: “We believe state-sponsored attackers may be attempting to compromise your account or computer” This …

Tagged

Alerts regarding Chinese censorship

The NYTimes reports on a new software feature waged in the dispute between Google and The China Government over censorship. Each time a user does a search query that may be censored in China, Google has created an alert to …

Tagged ,

Mobile security health poor in Europe, Morocco and Thailand, researcher finds

Recently, a mobile security expert, Karsten Nohl, revealed that many mobile network operators provide poor security for consumers againstunlawful surveillance and identity theft in Europe, Morocco and Thailand. His work spanned 11 countries and showed that he was able to hack into mobile conversations …

Tagged ,

Before patch, a work-around for Win32k TrueType font parsing engine

Microsoft has issued a work-around for the attack against the Win32k TrueType font parsing engine, which is an advanced piece of malicious software still undergoing analysis by researchers. As Microsoft builds a patch for the vulnerability, they have issued a temporary …

Tagged ,

Privacy concerns abated for Google Analytics bug on exit pages

Alex Moss discovered a bug with Google Analytics within the “Landing Pages” > “Exit Pages” reports will result in calling (not the expected data but) a random website. A Google spokesperson confirmed that what Alex Moss discovered was, in fact, …

Tagged ,

XML encryption may have weakness exposing API data

Researchers have recently proven that a vulnerability in XML Encryption provides a chance for attackers to gain access to sensitive information in API applications. XML Encryption is used in securing data shared between Web services by many businesses and web applications.  Researchers …

Tagged ,

How popular will QR codes be for malware developers?

QR codes are being popularized by companies all around the world, yet studies suggest that consumer usage isn’t so hot. According to a study by Toluna Quick, only 31% of UK users and consumers knew what QR codes were. Also in that …

Tagged , ,

Germany doesn’t like the Like button

The German Independent Center for Privacy Protection (ULD) cited privacy violations and banned the Facebook Like button in the German state of Schlewsing-Holstein. The center called for the Facebook Like button to be removed. The ULD assert that the technology …

Tagged , ,

US military taking cyber security lessons from the private sector

As evidenced by a new document from the DOD, DEPARTMENT OF DEFENSE STRATEGY FOR OPERATING IN CYBERSPACE, published July 2011, the US military is taking “learning lessons” from the private sector in cyber security, agility, lifecycle management and supply-chain protection. …

Tagged , ,

Is Secure DNS an answer to our Internet insecurity woes?

Problems with Internet security are becoming a common occurrence for governments, large corporations, non-profits, small businesses and individuals alike. In Singapore this week, a small but global gathering of security researchers to began the launch of an approach to online …

Tagged ,

Database security breach at Sega

Sega, the video game company, reported a database intrusion with approximately sensitive information on about 1.3 million customers may have been compromised. The comprised database was on the Sega Pass website, and the compromised information included customer names, dates of …

Tagged , ,