Web browser security

This resource center provides news, expert advice, and learning tools regarding web browser security including flaws, threats, problems, errors and vulnerabilities and offers solutions for patching and fixing them. This section covers Internet Explorer, Firefox, Opera, Safari, Google Chrome and more.

Top Stories

News 14 Sep 2021
Google patches actively exploited Chrome zero-days

Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Dec 2020
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By
- Arielle Waldman, News Writer

News 14 Sep 2021
Google patches actively exploited Chrome zero-days

Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year. Continue Reading
By
- Arielle Waldman, News Writer
Definition 01 Sep 2021
certificate authority (CA)

A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates. Continue Reading
By
- Rahul Awati
- Peter Loshin, Former Senior Technology Editor
Definition 26 Apr 2021
Tor browser

The Tor (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis. Continue Reading
By
- TechTarget Contributor
Definition 12 Apr 2021
Transport Layer Security (TLS)

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications. Continue Reading
By
- Andrew Froehlich, West Gate Networks
- Kevin Beaver, Principle Logic, LLC
- Michael Cobb
Definition 09 Apr 2021
PKI (public key infrastructure)

PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. Continue Reading
By
- TechTarget Contributor
News 08 Dec 2020
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Nov 2020
Weighing remote browser isolation benefits and drawbacks

Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading
By
- Michael Cobb
News 12 Aug 2020
Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 29 Apr 2020
SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
By
- Michael Cobb
Tip 25 Mar 2020
How to prevent buffer overflow attacks

Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
By
- Sharon Shea, Executive Editor
News 13 Dec 2019
Google expands multiple Chrome password protection features

Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company. Continue Reading
By
- Ha Ta
Answer 20 Nov 2019
Comparing Diffie-Hellman vs. RSA key exchange algorithms

See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
By
- Sharon Shea, Executive Editor
- Michael Cobb
News 07 Nov 2019
SSL certificate abuse drives growing number of phishing attacks

Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Nov 2019
Firefox bug is enabling attackers to freeze out users

A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading
By
- Michael Heller, TechTarget
News 20 Sep 2019
Sinkholed Magecart domains resurrected for advertising schemes

Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity. Continue Reading
By
- Rob Wright, Senior News Director
Opinion 20 Aug 2019
How does Menlo Security’s remote browser compare in an ever more crowded space?

There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare? Continue Reading
By
- Rachel Berry
News 17 Jul 2019
E-commerce platforms used for domain spoofing against Best Buy

Despite efforts to flag spoofed domains imitating Best Buy, the sites are still active on e-commerce platforms like Shopify and GearLaunch, which have not taken them down. Continue Reading
By
- Rob Wright, Senior News Director
Feature 30 Apr 2019
Inside 'Master134': Propeller Ads connected to malvertising campaign

A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign. Continue Reading
By
- Rob Wright, Senior News Director
Feature 30 Apr 2019
Inside 'Master134': Ad networks' 'blind eye' threatens enterprises

Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated. Continue Reading
By
- Rob Wright, Senior News Director
Feature 30 Apr 2019
'Master134' malvertising campaign raises questions for online ad firms

Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop. Continue Reading
By
- Rob Wright, Senior News Director
Feature 30 Apr 2019
Inside 'Master134': ExoClick tied to previous malvertising campaigns

Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats. Continue Reading
By
- Rob Wright, Senior News Director
Feature 30 Apr 2019
Inside 'Master134': More ad networks tied to malvertising campaign

Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved. Continue Reading
By
- Rob Wright, Senior News Director
Answer 15 Apr 2019
How do I avoid Exchange security certificate issues?

Exchange SSL certificates keep communications secure, so it's important avoid the bargain bin when shopping for them. Continue Reading
By
- Edward van Biljon, Global Micro Solutions
Feature 28 Mar 2019
Symantec Web Security Service vs. Zscaler Internet Access

Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 01 Feb 2019
Google planning warnings for lookalike URLs in Chrome

Google is planning to add warnings on lookalike URLs in an ongoing effort to ensure internet users experience useful and clear warnings while using the Chrome browser. Continue Reading
By
- Michael Heller, TechTarget
Feature 25 Jan 2019
Infoblox's Cricket Liu explains DNS over HTTPS security issues

Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Tip 25 Jan 2019
How to manage cookies across web browsers

There are pros -- saved login credentials -- and cons -- privacy concerns -- to cookies. Either way, IT should understand how to manage cookies across web browsers. Continue Reading
By
- Gary Olsen
Answer 23 Jan 2019
How does cross-site tracking increase security risks?

Mozilla's Firefox 63 automatically blocks tracking cookies and other site data from cross-site tracking. Learn what this is and what the benefits of blocking it are with Nick Lewis. Continue Reading
By
- Nick Lewis
News 21 Dec 2018
Microsoft patches Internet Explorer zero-day bug under attack

News roundup: Microsoft issues an emergency patch for an Internet Explorer bug exploited in the wild. Plus, authorities indict three individuals for 'stresser' services, and more. Continue Reading
By
- Rob Wright, Senior News Director
Quiz 11 Dec 2018
Web browser quiz: Do you know Chrome, Firefox, Edge and IE?

Users work with web browsers constantly. As a result, it's important for IT to know how to manage the top options, including Google Chrome and Mozilla Firefox. Continue Reading
By
- Eddie Lockhart, Site Editor
Answer 05 Dec 2018
How does TLS 1.3 differ from TLS 1.2?

Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic algorithms. Continue Reading
By
- Michael Cobb
Tip 15 Nov 2018
How to configure browsers to avoid web cache poisoning

Web cache poisoning poses a serious threat to web browser security. Learn how hackers can exploit unkeyed inputs for malicious use with expert Michael Cobb. Continue Reading
By
- Michael Cobb
News 12 Oct 2018
Mozilla delays distrust of Symantec TLS certificates, Google doesn't

Mozilla delays plans to distrust Symantec TLS certificates in Firefox because despite more than one year's notice, approximately 13,000 websites still use the insecure certificates. Continue Reading
By
- Michael Heller, TechTarget
Tip 27 Sep 2018
Why communication is critical for web security management

Conveying the importance of web security to management can be difficult for many security professionals. Kevin Beaver explains how to best communicate with the enterprise. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 26 Sep 2018
Controversial Chrome login feature to be partially rolled back

Google will modify the next version of Chrome in an attempt to appease critics of the browser's cookie retention functionality and automatic Chrome login feature. Continue Reading
By
- Michael Heller, TechTarget
News 26 Sep 2018
Browser Reaper POC exploit crashes Mozilla Firefox

A security researcher developed a proof-of-concept attack on Firefox, called Browser Reaper, which can crash or freeze the browser. But he gave Mozilla short notice of the flaw. Continue Reading
By
- Madelyn Bacon, TechTarget
News 25 Sep 2018
Google Chrome sign-in changes cause confusion and concern

Google Chrome sign-in changes are being criticized by experts, and poor communication from Google has led to more confusion about user privacy and consent. Continue Reading
By
- Michael Heller, TechTarget
News 16 Aug 2018
Finalized TLS 1.3 update has been published at last

The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2. Continue Reading
By
- Madelyn Bacon, TechTarget
News 13 Jul 2018
Chrome site isolation arrives to mitigate Spectre attacks

In an effort to mitigate the risk of Spectre attacks, Google Chrome site isolation has been enabled for 99% of browser users to minimize the data that could be gleaned by an attacker. Continue Reading
By
- Michael Heller, TechTarget
Tip 12 Jul 2018
How to stop malicious browser add-ons from taking root

Researchers at Malwarebytes discovered several new browser extension threats. Discover how to avoid and properly removed malicious add-ons with expert Nick Lewis. Continue Reading
By
- Nick Lewis
Answer 12 Jul 2018
How can cryptojacking attacks in Chrome be stopped?

Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb. Continue Reading
By
- Michael Cobb
Answer 09 Jul 2018
How did an old, unpatched Firefox bug expose master passwords?

A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it. Continue Reading
By
- Michael Cobb
News 29 Jun 2018
WebAssembly updates may cancel out Meltdown and Spectre fixes

News roundup: Upcoming WebAssembly updates may undo the Meltdown and Spectre mitigations. Plus, FireEye denied claims it 'hacked back' China, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
Answer 29 Jun 2018
Microsoft CredSSP: How was it exploited by CVE-2018-0886?

The CVE-2018-0886 vulnerability found within Microsoft's CredSSP was recently patched. Discover what this vulnerability is and how it affects the CredSSP protocol with Judith Myerson. Continue Reading
By
- Judith Myerson
Answer 27 Jun 2018
How are air-gapped computers put at risk by the Mosquito attack?

Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson. Continue Reading
By
- Judith Myerson
Answer 25 Jun 2018
How did the Panera Bread website expose customers?

Panera Bread website users were put at risk after a security researcher discovered a vulnerability relating to a lack of authentication for their publicly available API endpoint. Continue Reading
By
- Judith Myerson
News 08 Jun 2018
Apple plans to disable Facebook web tracking capabilities

News roundup: Apple wants to protect its users from Facebook web tracking with the next version of Safari. Plus, genealogy website MyHeritage suffers data breach, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
Answer 08 Jun 2018
How can domain generation algorithms be used to bypass ad blockers?

An ad network used domain generation algorithms to bypass ad blockers and launch cryptomining malware. Expert Michael Cobb explains how and the best way to prevent these attacks. Continue Reading
By
- Michael Cobb
Answer 05 Jun 2018
What risks do untrusted certificates pose to enterprises?

Researchers found that untrusted certificates are still used on many major websites. Expert Michael Cobb discusses the security risks of sticking with these certificates. Continue Reading
By
- Michael Cobb
News 27 Mar 2018
TLS 1.3 update is finalized with encryption upgrade

The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 21 Mar 2018
Firefox bug exposes passwords to brute force -- for nine years

A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 14 Mar 2018
Internet Explorer bug: How does it expose address bar info?

A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL tracking with Nick Lewis. Continue Reading
By
- Nick Lewis
Answer 05 Mar 2018
The Keeper browser extension flaw: How can users stay secure?

The Keeper browser extension had a vulnerability that highlighted security issues with password managers. Expert Michael Cobb looks at how to avoid security flaws in these tools. Continue Reading
By
- Michael Cobb
News 27 Feb 2018
Ad network cryptojacking attack bypasses ad blockers

Qihoo 360's Netlab team discovered an online ad network has been bypassing ad blockers and running cryptomining software in the browsers of unsuspecting visitors. Continue Reading
By
- Rob Wright, Senior News Director
Answer 26 Feb 2018
Uber breach: How did a private GitHub repository fail Uber?

The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred. Continue Reading
By
- Matthew Pascucci
Answer 23 Feb 2018
How did OurMine hackers use DNS poisoning to attack WikiLeaks?

The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis. Continue Reading
By
- Nick Lewis
News 21 Feb 2018
Google discloses Microsoft Edge vulnerability without a patch

Google's Project Zero publicly published an Edge browser vulnerability after the 90-day disclosure deadline expired, and Microsoft has yet to patch the flaw. Continue Reading
By
- Madelyn Bacon, TechTarget
Answer 19 Feb 2018
Antivirus tools: Are two programs better than one?

Antivirus software is crucial to your device's security. However, less is often more, especially when considering a secondary free antivirus program. Nick Lewis explains why. Continue Reading
By
- Nick Lewis
News 07 Feb 2018
Grammarly vulnerability exposed user documents

A Grammarly vulnerability in its browser extension authentication could have exposed users' sensitive documents if the popular spelling and grammar checker were left unpatched. Continue Reading
By
- Madelyn Bacon, TechTarget
Answer 01 Feb 2018
Katyusha Scanner: How does it work via a Telegram account?

The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works. Continue Reading
By
- Nick Lewis
Tip 25 Jan 2018
How are middleboxes affecting the TLS 1.3 release date?

Despite fixing important security problems, the official TLS 1.3 release date keeps getting pushed back, in part due to failures in middlebox implementations. Continue Reading
By
- Loganaden Velvindron, CyberStorm.mu
Answer 18 Jan 2018
Public key pinning: Why is Google switching to a new approach?

After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch. Continue Reading
By
- Matthew Pascucci
Answer 15 Jan 2018
Canvas fingerprinting: How does it compromise security?

Mozilla recently decided to pull the HTML canvas element from the Firefox browser. Learn from expert Matt Pascucci what this means for the security and privacy of users. Continue Reading
By
- Matthew Pascucci
News 29 Dec 2017
Browser login managers allow tracking scripts to steal credentials

News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
News 19 Dec 2017
Flawed Keeper password manager preinstalled on Windows 10

Google Project Zero's Tavis Ormandy discovered a flaw in the Keeper password manager browser extension that could allow attackers to steal credentials. Continue Reading
By
- Michael Heller, TechTarget
Tip 21 Nov 2017
How to add HTTP security headers to various types of servers

Expert Judith Myerson outlines the different types of HTTP security headers and how to add them to different servers, including Apache, Ngnix and Microsoft IIS Manager. Continue Reading
By
- Judith Myerson
Answer 14 Nov 2017
HTTP Strict Transport Security: What are the security benefits?

Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure. Continue Reading
By
- Judith Myerson
News 03 Nov 2017
Certificate authority business undergoes major changes

News roundup: Comodo and Symantec sales signal important changes in the certificate authority business. Plus, an Oracle vulnerability gets a CVSS score of 10.0, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 17 Oct 2017
Analyzing the flaws of Adobe's HTTP security headers

A recent patching issue with Flash drew attention to shortcomings with Adobe's HTTP security headers. Judith Myerson discusses the importance of HTTP header security. Continue Reading
By
- Judith Myerson
Answer 05 Oct 2017
Flash's end of life: How should security teams prepare?

Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made. Continue Reading
By
- Matthew Pascucci
Answer 04 Oct 2017
WoSign certificates: What happens when Google Chrome removes trust?

Google Chrome has started removing trust in certificates issued by WoSign. Matthew Pascucci explains this decision and what it means for companies using WoSign certificates. Continue Reading
By
- Matthew Pascucci
Answer 18 Sep 2017
Are long URLs better for security than short URLs?

Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience. Continue Reading
By
- Judith Myerson
Tip 14 Sep 2017
The HTML5 vulnerabilities enterprises need to know

Adobe Flash's end of life is coming, but there are some HTML5 vulnerabilities enterprises should be aware of before making the switch. Expert Judith Myerson outlines the risks. Continue Reading
By
- Judith Myerson
Feature 01 Sep 2017
HTTPS interception gets a bad rap; now what?

Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it. Continue Reading
By
- Kathleen Richards
28 Aug 2017

HTTPS interception gets a bad rap; now what?

Continue Reading
News 18 Aug 2017
Hijacked Chrome extensions infect millions of users

News roundup: Hackers leveraged eight hijacked Chrome extensions to attack 4.8 million browser users. Plus, Cloudflare stopped protecting a neo-Nazi website from DDoS attacks, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
News 03 Aug 2017
Symantec Website Security, certificate authority business sold to DigiCert

DigiCert agrees to buy majority stake in Symantec Website Security just days after Google releases an April 2018 distrust date for Symantec certificates. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 25 Jul 2017
ASLR side-channel attack: How is JavaScript used to bypass protection?

Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack. Continue Reading
By
- Nick Lewis
News 20 Jul 2017
Industry reacts to Symantec certificate authority trust remediation

As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 19 Jul 2017
Symantec agrees to transfer certificate issuance to third party

Symantec has agreed to a plan that would transfer its certificate issuance and validation operations to as-yet-unnamed third-party partner starting Dec. 1. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 13 Jul 2017
How are forged cookies used in attacks on online user accounts?

Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb explains what forged cookies are and how they are used in attacks Continue Reading
By
- Michael Cobb
News 13 Jul 2017
Symantec certificate authority business reportedly for sale

As Google and Mozilla prepare plans to reduce trust for Symantec's certificate authority, the antivirus vendor is reported to be seeking a buyer for its web certificate business. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 10 Jul 2017
WoSign CA certificates get end-of-trust date in Chrome

Google to distrust all WoSign CA certificates in Chrome starting in September, as the troubled certificate authority passed a key audit and is seeking a new CEO to help return trust. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 07 Jul 2017
How are hackers using Unicode domains for spoofing attacks?

A proof of concept showed that hackers can use Unicode domains to make phishing sites look legitimate. Expert Matthew Pascucci explains how this spoofing attack works. Continue Reading
By
- Matthew Pascucci
Answer 05 Jul 2017
What are the challenges of migrating to HTTPS from HTTP?

Migrating to HTTPS from HTTP is a good idea for security, but the process can be a challenge. Expert Matthew Pascucci explains how to make it easier for enterprises. Continue Reading
By
- Matthew Pascucci
Tip 22 Jun 2017
How the use of invalid certificates undermines cybersecurity

Symantec and other trusted CAs were found using bad certificates, which can create huge risk for internet users. Expert Michael Cobb explains how these incidents can be prevented. Continue Reading
By
- Michael Cobb
Answer 16 Jun 2017
Why do HTTPS interception tools weaken TLS security?

HTTPS interception tools help protect websites, but they can also hurt TLS security. Expert Judith Myerson explains how this works and what enterprises can do about it. Continue Reading
By
- Judith Myerson
News 14 Jun 2017
Symantec CA remediation plan faces more delays

The battle over Symantec CA operations continues as the antivirus vendor pushes back against a consensus remediation proposal from the web browser community. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 06 Jun 2017
Adobe Acrobat Chrome extension: What are the risks?

An Adobe Acrobat extension was automatically installed onto users' Chrome browsers during an update. Expert Michael Cobb explains the problems that existed with the extension. Continue Reading
By
- Michael Cobb
Answer 05 Jun 2017
Cisco WebEx extension flaw: How does the patch fall short?

Cisco's WebEx extension flaw was patched to prevent remote code execution from all but WebEx sites. Expert Michael Cobb explains how this flaw could still introduce risk to users. Continue Reading
By
- Michael Cobb
Answer 30 May 2017
Domain validation certificates: What are the security issues?

Let's Encrypt domain validation certificates had some security issues. Expert Matthew Pascucci explains how DV certificates work and what the issues were. Continue Reading
By
- Matthew Pascucci
Answer 24 May 2017
How does the Stegano exploit kit use malvertising to spread?

A malvertising campaign by the AdGholas group has been found spreading the Stegano exploit kit. Expert Nick Lewis explains how web advertisements are used in this attack. Continue Reading
By
- Nick Lewis
Feature 11 May 2017
Timeline: Symantec certificate authority improprieties

Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 05 May 2017
TLS client authentication ensures secure IoT connection

The TLS client authentication protocol has been part of the security standard for years, but it's just now coming into its own in certifying secure IoT connections. Continue Reading
By
- Michael Heller, TechTarget
Answer 03 May 2017
Same-origin policy: How did Adobe Flash Player's implementation fail?

The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred. Continue Reading
By
- Michael Cobb
News 02 May 2017
Mozilla: Symantec certificate remediation plan not enough

Mozilla reviews the counterproposal from Symantec and urges the CA giant to opt for Google's recommendation to outsource its certificate activities. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 25 Apr 2017
Symantec certificate authority issues, answered

Google and Mozilla weigh the proper response to Symantec certificate authority issues, as the CA giant prepares an alternative proposal for reinstating trust. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 24 Apr 2017
How does Ticketbleed affect session ID security?

The Ticketbleed bug in some F5 Networks products caused session IDs and uninitialized memory to leak. Expert Judith Myerson explains what a session ID is and how attackers use it. Continue Reading
By
- Judith Myerson
News 12 Apr 2017
Symantec CA woes debated by browser community

Compliance with CA/B Forum Baseline Requirements was debated after Symantec CA posted responses to 14 issues raised by Mozilla developers. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 31 Mar 2017
HTTPS traffic has yet to surpass HTTP traffic, Fortinet study shows

News roundup: HTTPS traffic has yet to surge, despite its security benefits, according to a report. Plus, the latest in the Apple extortion; a Mirai attack lasted 54 hours; and more. Continue Reading
By
- Madelyn Bacon, TechTarget