Google Moves to Boost Search Ranking For HTTPS Sites
Google has been testing a method for taking into account whether a site uses HTTPS as part of its search ranking, and officials say it has returned positive results so far.
Web Security
IE to Block Older ActiveX Controls, Starting with Java
Microsoft announced that it will block older ActiveX controls in Internet Explorer, starting with Java.
Podcast: Black Hat News Wrap
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news from day one of Black Hat, including the Dan Geer keynote, attacks on mobile broadband modems and carriers’ control of mobile phones. Download: Black-Hat-Day-One-Podcast.mp3 Music by Chris Gonsalves
LAS VEGAS–Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use. Alex Stamos, CISO at Yahoo, said that the project has been a priority since […]
LAS VEGAS–The takedown of the GameOver Zeus malware operation in June got more than its share of attention, but it was the concurrent demolition of the CryptoLocker ransomware infrastructure that may prove to have been the most important part of the operation. That outcome was the culmination of months of behind the scenes work by […]
Dennis Fisher talks with Wendy Nather of 451 Research about the happenings on day one of Black Hat, the possibility of the US government disrupting the vulnerability market and software liability. Download: Wendy-Nather-on-the-Black-Hat-Buzz.mp3
LAS VEGAS–David Litchfield for many years was one of the top bug hunters in the game and specialized in causing large-scale headaches for Oracle. When he decided to retire and go scuba diving, there likely were few tears shed in Redwood City. Litchfield recently decided to resurface, which is good news for the security community […]
LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market for these devices is […]
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and […]
In this special edition of the Digital Underground Podcast, Dennis Fisher interviews fellow Threatpost editor Mike Mimoso and also Threatpost reporter Brian Donohue about the Black Hat security conference, which begins this week in Las Vegas. Topics of discussion include Chris Valasek and Charlie Miller hacking automobiles, Jeff Forristal’s briefing on what promises to be a devastating Android vulnerability, why it’s dumb to host Black Hat in Las Vegas in the dead of summer, and more.
