HackDig : Dig high-quality web security articles for hackers

Firefox 76 will have option to enforce HTTPS-only connections

By John E Dunn. Converting websites from HTTP to HTTPS over the last decade must count as one of the most successful quiet security upgrades ever to affect web browsing. Using an HTTPS site means that your browser and the site establish an encrypted connection which can’t be snooped on by ISPs, rogue Wi-Fi access points, or anyone else trying to monitor the cont
Publish At:2020-03-27 10:24 | Read:675 | Comments:0 | Tags:Firefox Google Mozilla Security threats Web Browsers browser

Let’s Encrypt issues one billionth free certificate

By Danny Bradbury. Last week was a big one for non-profit digital certificate project Let’s Encrypt – it issued its billionth certificate. It’s a symbolic milestone that shows how important this free certificate service has become to web users. Publicly announced in November 2014, Let’s Encrypt offers TLS certificates for free. These cert
Publish At:2020-03-02 09:21 | Read:769 | Comments:0 | Tags:Cryptography ACME Automated Certificate Management Environme

Python Sender

Last week I played my first Capture The Flag (CTF) where I really tried solving the challenges for a couple of hours. It was a regular jeopardy style CTF with binaries, web applications and other server ports. I don’t think CTFs are going to be my favourite hobby, as pentesting is similar but just a little bit more real life. However, CTFs are very ni
Publish At:2019-09-19 18:20 | Read:1212 | Comments:0 | Tags:Useful scripts Web Penetration Testing CTF http pentesting p

Five Security Tips to Protect Embedded Devices

Embedded devices on enterprise networks make attractive targets for hackers because they provide potential footholds. These systems perform a variety of functions, often involving sensitive data or control of critical systems. Network gear, printers, storage appliances and other equipment generally do not have end-point protection installed, making them an id
Publish At:2016-08-03 13:00 | Read:20310 | Comments:0 | Tags:Featured Articles Security Awareness Embedded devices HTTP n

Why is Passive Mixed Content so serious?

One of the most important tools in web security is Transport Layer Security (TLS). It not only protects sensitive information during transit, but also verifies that the content has not been modified. The user can be confident that content delivered via HTTPS is exactly what the website sent. The user can exchange sensitive information with the website, secur
Publish At:2015-07-31 01:45 | Read:3655 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

IIS At Risk: The HTTP Protocol Stack Vulnerability

Unpatched versions of Microsoft’s Internet Information Services (IIS) web server are vulnerable to a remote denial of service attack that can prove to be very threatening if set against critical systems. The vulnerability, which was fixed by Microsoft in MS15-034 as part of the April 2015 Patch Tuesday cycle, can trigger the blue screen of death or mor
Publish At:2015-04-22 17:50 | Read:5343 | Comments:0 | Tags:Vulnerabilities HTTP IIS web server Vulnerability

New Firefox version says “might as well” to encrypting all Web traffic

Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world's traffic with a new feature that can cryptographically protect connections even when servers don't support the HTTPS protocol.
Publish At:2015-04-02 06:15 | Read:4174 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab cryptography e

#HackerKast 13 Bonus Round: FlashFlood – JavaScript DoS

In this week’s HackerKast bonus footage, I wrote a little prototype demonstrator script that shows various concepts regarding JavaScript flooding. I’ve run into the problem before where people seem to not understand how this works, or even that it’s possible to do this, despite multiple attempts at trying to explain it over the years. So
Publish At:2014-12-16 23:10 | Read:3901 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security W

Filtering Explicit Content

Many web sites provide a setting to reduce the amount of explicit, or objectionable, content returned by the site. The user configures these settings, but many users are unaware such a setting exists, or that it needs to be set for each web site. Additionally, the security administrator cannot audit that users have configured the setting. As a result, users
Publish At:2014-09-02 09:30 | Read:3369 | Comments:0 | Tags:Security Cisco Security Service content CWS HTTP security we
