Collaborate Disseminate
The U.S. Department of Homeland Security (DHS) has today issued an “emergency directive” to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days…. Continue reading DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains
As the shutdown continues into its 21st day, dozens of .gov websites haven’t renewed their TLS certificates. Continue reading U.S. Government Shutdown Leaves Dozens of .Gov Websites Vulnerable
The second report in a week has analysed phishing attacks that are attempting – and probably succeeding – in bypassing older forms of two-factor authentication (2FA). Continue reading More phishing attacks on Yahoo and Gmail SMS 2FA authentication
WebViews are very common on the Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how secur… Continue reading Android WebView: Are Secure Coding Practices Being Followed?
Researchers demonstrate Cache-like ATacks against RSA key exchange. Continue reading Bleichenbacher’s CAT puts another scratch in TLS
This is your Shared Security Weekly Blaze for December 3rd 2018 with your host, Tom Eston. In this week’s episode: the massive Marriott data breach, secure holiday shopping tips, and phishing sites using HTTPS. Silent Pocket is a proud sponsor of… Continue reading Massive Marriott Data Breach, Secure Holiday Shopping Tips, Phishing Sites Using HTTPS – WB45
DNS, also known as Domain Name System, is the internet-wide service that translates fully qualified hostnames (FQDNs) such as www.netsparker.com into an IP address. It was developed because it’s much easier to remember a domain name than an IP address…. Continue reading Pros and Cons of DNS Over HTTPS
Every day, we’re connecting more and more devices over the internet. No longer does a household have a single connected computer — there are smartphones, tablets, HVAC systems, deadbolts — you name it, it’s been connected. As the Internet of Things proliferates, it has become readily apparent that security is an issue in this space. [Andreas Spiess] has been working on this very problem, by bringing HTTPS to the ESP8266 and ESP32.
Being the most popular platform for IOT devices, it makes sense to start with the ESP devices when improving security. In his video, [Andreas] starts at the beginning, …read more
This is your Shared Security Weekly Blaze for October 1st 2018 with your host, Tom Eston. In this week’s episode: Facebook’s fake account crackdown, privacy upgrade to HTTPS, and new security features in Apple iOS 12. Silent Pocket is a pro… Continue reading Facebook’s Fake Account Crackdown, Privacy Upgrade to HTTPS, New Security Features in Apple iOS 12 – WB36
Everyone knew that SNI needed to be fixed sooner or later, but nobody was quite sure how. Continue reading Finally, a fix for the encrypted web’s Achilles’ heel