Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive[…]
Browsing Category: Web Security
Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google’s decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia.
Public denial-of-service exploits for a critical vulnerability in Microsoft’s implementation of the HTTP protocol stack, HTTP.sys are under way, while remote code execution attacks may still be to come.
With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of nowhere. Google warned developers and users about it[…]
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were report to the CERT/CC at[…]
Apple recently fixed a cookie vulnerability that existed in all versions of Safari – iOS, OS X, and Windows – that may have affected 1 billion devices.
Dell released its annual threat report yesterday, ringing the alarm bells on point-of-sale and industrial control system attack in 2014 and beyond.
Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous security researcher a reward of $7,500 from Google. In all,[…]
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and[…]