Web Security Tools and Best Practices
- March 24, 2017
Certificate authority Comodo has submitted two new Certificate Transparency logs for approval by Google, which aim to accept any publicly trusted certificates from any CA.
- March 22, 2017
HTTPS interception in security products and services may be reducing security rather than improving it, according to US-CERT, which puts middleboxes in a precarious position.
- January 20, 2017
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.
- December 02, 2016
News roundup: Tor browser patches de-anonymizing vulnerability. Plus, Senators ask Obama to release information on Russia's impact on the election, Mirai botnet for rent and more.
- October 19, 2016
IBM asks, and researcher pulls proof of concept code from a coordinated vulnerability disclosure, internet explodes.
- October 04, 2016
Researchers found a way to use DNS monitoring to deanonymize Tor users by enhancing the effectiveness of fingerprinting attacks.
- September 29, 2016
Citing a long list of transgressions, Mozilla prepares to sanction Chinese certificate authority WoSign by removing it from its list of trusted certificate issuers.
- September 16, 2016
Google Project Zero Prize hacking competition is set to improve Android security by rewarding remote code execution exploits with prizes up to $200,000.
- August 12, 2016
The White House unveils a new open source government policy and new research estimates the government's zero-day exploit stockpile to be smaller than expected.
- August 05, 2016
Black Hat researchers report flaws in key web protocols, demonstrating widespread flaws in HTTP/2 implementations; Banner Health announces breach affecting 3.7 million.
- May 26, 2016
Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols.
- December 23, 2015
Increasing desire to be rid of SHA-1-signed certificates causes Google to join Microsoft, Mozilla in a likely acceleration of Chrome SHA-1 deprecation by six months.
- November 13, 2015
The Tor Project said that the Carnegie Mellon researchers behind an attack on the hidden service subsystem carried out last year were paid $1 million by the FBI to hack Tor network.
- October 14, 2015
Windows 10 security incorporates years of improvements to remove or mitigate long-term issues with Windows vulnerabilities.
- September 21, 2015
Google is trying to drag Web security into 2008 by asking sites to disable SSLv3 and RC4, and setting a minimum transfer security protocol of TLS 1.2.