Multiple HTTP/2 implementations are vulnerable to denial-of-service attacks
Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Netflix discovered several resource exhaustion vectors affecting a
Read more
HTTPS
FBI warns users to be wary of phishing sites abusing HTTPS
This week the FBI issued a warning that too many web users view the padlock symbol and the ‘S’ on the end
Read more
ISP Address Blank In Direct Access Client Statistics
If you are a Direct Access administrator you may need to locate a client’s real IP address, the one given
Read more
Cloudflare Has Two New Tools for Detecting HTTPS Interception
The practice of HTTPS interception continues to be commonplace on the Internet. HTTPS interception has encountered scrutiny, most notably in
Read more
Netgate pfSense sshguard Implementation Access Bypass Vulnerability [CVE-2018-20799]
CVE Number – CVE-2018-20799 A vulnerability in Netgate pfSense could allow an unauthenticated, remote attacker to bypass security restrictions on
Read more
Squid HTTPS Error Page Cross-Site Scripting Vulnerability [CVE-2018-19131]
CVE Number – CVE-2018-19131 A vulnerability in Squid could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)
Read more
From Today Google Chrome Will Label All HTTP Sites As ‘Not Secure’
The latest version of Chrome (version 68) will now mark all HTTP sites as “not secure.” Up to this point,
Read more
What is HTTPS ?
HTTPS stands for Hypertext Transfer Protocol Secure. It is a technology that ensures secure communication over a computer network, widely
Read more
Browser Non-HTTPS Website Warning
Google have announced (details here) that all HTTP sites will be marked as insecure in version 68 of their Chrome
Read more
Reports Of Increased Use Of Counterfeit Code-Signing Certificates
A recent open source blog post from Insikt suggests there is a small but growing market in counterfeit code-signing certificates.
Read more