Collaborate Disseminate
A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix Security Symposium last week. The problem Most Internet connections are prec… Continue reading How often are users’ DNS queries intercepted?
If you’re using Google Chrome and you suddenly start seeing sites you usually visit labeled as “Not secure”, it’s because Google wants to push site owners to use HTTPS, i.e., encrypt the traffic passing from their visitors to th… Continue reading Chrome starts marking all HTTP sites as “Not secure”
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are encouraged to upgrade to version 2.3.32 or 2.5.10.1 as soon as possible to avoid compromise. What is Apache Struts 2, and how is the vulnerability exploited? Apache Struts 2 is an open source web application framework for developing Java EE web applications. The vulnerability (CVE-2017-5638), discovered and reported … More → Continue reading Apache servers under attack through easily exploitable Struts 2 flaw
Slowly but relentlessly, Google is pushing website owners to deploy HTTPS – or get left behind. The latest announced push is scheduled for January 2017, when Chrome 56 is set to be released and will start showing in the address bar a warning that labels sites that transmit passwords or credit cards over HTTP as non-secure. In due time, all HTTP pages will be labeled by Chrome as non-secure, and ultimately, the HTTP security indicator … More → Continue reading Chrome will start labeling some HTTP sites as non-secure
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM position also affects some 1.4 billion Android devices, Lookout researchers have warned. “We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9% of the Android ecosystem,” they noted. This fact should not … More → Continue reading Attackers can hijack unencrypted web traffic of 80% of Android users
Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP protocol that serves as one of the main building blocks of the Worldwide Web. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure which then becomes vulnerable to new types of attacks. Imperva researchers took an in-depth look at … More → Continue reading Four high-profile vulnerabilities in HTTP/2 revealed