Collaborate Disseminate
A few days ago, Let’s Encrypt discovered that they misinterpreted RFC 5280, thus making every certificate they issued valid for one second longer than expected.
The associated issue on Mozilla bug tracker definitively looks serious, and so… Continue reading Let’s Encrypt certificate lifetime incident: is there any security risk?
A few days ago, Let’s Encrypt discovered that they misinterpreted RFC 5280, thus making every certificate they issued valid for one second longer than expected.
The associated issue on Mozilla bug tracker definitively looks serious, and so… Continue reading Let’s Encrypt certificate lifetime incident: is there any security risk?
A few days ago, Let’s Encrypt discovered that they misinterpreted RFC 5280, thus making every certificate they issued valid for one second longer than expected.
The associated issue on Mozilla bug tracker definitively looks serious, and so… Continue reading Let’s Encrypt certificate lifetime incident: is there any security risk?
I used SonarQube to perform a static code analysis of my project and it detected a security vulnerability in one of my CSS files:
For security reasons, protocol-relative URLs should not be used.
Noncompliant Code Exa… Continue reading What’s the security risk of using a protocol-relative URL in a CSS stylesheet?
I’ve just downloaded and executed a piece of malware on my computer.
I don’t have much time right now, so I just powered it off (turned it off via the Start menu), hoping that it won’t be able to steal any data or do malicious activities … Continue reading Can a malware power on a computer?
I’ve just read an article about bitsquatting (which refers to the registration of a domain name one bit different than a popular domain) and I’m concerned about how it could allow an attacker to load its own assets on my webs… Continue reading How can I protect my website against bitsquatting?
According to NetTrack, Let’s Encrypt is now used on more than 50% of domains (51.21% as of April 2018).
I know Let’s Encrypt helped a lot of people to get free certificates for their websites, so I think its existence was a … Continue reading Is there any security risk when a certificate authority is used more than all others?
While participating in a bug bounty program, I stumbled upon an issue which led to a security vulnerability when exploited with other issues on unrelated products.
All those issues aren’t security vulnerabilities per se, but… Continue reading How to report a security vulnerability involving multiple unrelated companies?
During a pentest, I’ve found a potential vulnerability on a web page, but it can only be exploited in quirks mode.
The page starts with <!doctype html>, which triggers standards mode so at first glance, it isn’t exploi… Continue reading Can an attacker force a browser to use quirks mode to render a page?