HackDig : Dig high-quality web security articles for hacker

New attacks on Network Time Protocol can defeat HTTPS and create chaos

Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.The vulnerabilities reside in the Network Time Protocol, the widely used specification computers use to ensure their internal clocks ar
Publish At:2015-10-22 00:25 | Read:3054 | Comments:0 | Tags:Risk Assessment Technology Lab DNSSEC HSTS HTTPS network tim

New Attacks Recall Old Problems with Browser Cookies

In case didn’t know or need a reminder, browser cookies aren’t exactly impervious to attack.The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University this week dropped an alert that warns users about the continued prevalence of a class of cookie vulnerabilities that puts users’ privacy and even financial wel
Publish At:2015-09-25 16:25 | Read:3129 | Comments:0 | Tags:Hacks Vulnerabilities Web Security browser cookies browser h

Microsoft Brings HSTS to Windows 7 and 8.1

In the midst of a relatively light Patch Tuesday, Microsoft yesterday introduced an extra measure of security for users running Internet Explorer 11 on Windows 7 and Windows 8.1 machines: HSTS.Short for HTTP Strict Transport Security, HSTS is a browser header that forces any sessions sent over HTTP to be sent instead over HTTPS based on a preloaded list of s
Publish At:2015-06-10 23:55 | Read:2371 | Comments:0 | Tags:Cryptography Microsoft Web Security Chromium HSTS preload li

#HackerKast 16: India blocks GitHub, GoGo fake SSL certificates, North Korea’s only network

Happy 2015 everybody! Jeremiah, Robert, and I got right back on track our first week back in the office and there were plenty of stories to talk about. Turns out hackers don’t really take vacation. Right off the bat Robert brought up a story about the Indian government pulling a China and blocking access to a ton of sites this week. Some notable sites
Publish At:2015-01-08 01:45 | Read:4197 | Comments:0 | Tags:Vulnerabilities Web Application Security WhiteHat HackerKast

Browsing in privacy mode? Super Cookies can track you anyway

For years, Chrome, Firefox, and virtually all other browsers have offered a setting that doesn't save or refer to website cookies, browsing history, or temporary files. Privacy-conscious people rely on it to help cloak their identities and prevent websites from tracking their previous steps. Now, a software consultant has devised a simple way websites ca
Publish At:2015-01-06 23:20 | Read:2707 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

EFF, Others Plan to Make Encrypting the Web Easier in 2015

By all accounts, switching web servers over to HTTPS from HTTP has long been viewed as a fickle affair; HTTPS/SSL certificates are expensive and on top of that notoriously cumbersome to install and maintain.A new coalition comprised of The Electronic Frontier Foundation (EFF) and a handful of other firms announced today it will address this issue in 2015 by
Publish At:2014-11-19 01:15 | Read:2977 | Comments:0 | Tags:Cryptography Privacy Web Security EFF Encryption HSTS HTTPS


Share high-quality web security related articles with you:)


Tag Cloud