Over at Microsoft’s MSDN magazine, there’s a really interesting article by Bryan Sullivan suggesting a defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks.
Attention GMail and GTalk users: There’s a major spam run underway with social engineering lures to steal your login credentials.
This image shows a GMail message that purports to be an account termination warning from Google but, if a user is tricked into clicking on the link, he/she is redirected to a fake GMail page requesting the login credentials.
After years of lagging behind on important security features, Apple has finally added a malware-blocker, a phishing filter and support for EV (extended validation) certificates into the latest refresh of its Safari Web browser.
The malware roadblock headlines a list of Safari 4 security features that also includes cookie blocking, private browsing, secure encryption, safe downloads and parental controls.
In this video, Chris Pirillo offers some valuable advice for keeping your computer safe from malicious programs:
For a long time, the experience of patching Sun’s Java software has been less than pleasant. The updates were huge and time-consuming, the patching instructions were a mess and, even worse, Sun never removed older, vulnerable versions from the patched machine.
Now it appears that things have been fixed. For starters, the company is offering this very important link that allows users to run a quick scan to determine whether the Java environment installation is up to date.