Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]
Researchers have published a paper that describes an Internet voting hack that alters PDF ballots in transmission.
The Electronic Frontier Foundation has backed VPN provider Golden Frog’s FCC filing that accuses ISPs of stripping out STARTTLS instructions from email messages.
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system.
Mozilla is starting a new initiative that the company says is designed to incorporate more privacy enhancing features into Firefox and the other Mozilla products.
Five vulnerabilities were patched in the most recent update to the open source Pidgin instant messaging client.
LAS VEGAS—Nick Percoco has been thinking a lot about the future of technology, and some of the things he’s dreamed up aren’t very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users’ augmented reality gear and demanding ransoms to unlock […]
LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some challenges on the horizon […]
Dennis Fisher and DigiCert’s Jeremy Rowley discuss the company’s certificate issuance for Facebook’s .onion site, the challenge of key protection in today’s environment and what the near future holds for PKI.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
