A whole lot of work rolling out HTTP security is being undermined by bad browser implementation that facilitates man-in-the-middle attacks.
CERT has warned that all of the major browser vendors have a basic implementation error that means “cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information”.
During the last year, online crooks have realized that buying ads and lacing them with malicious code is an easy and cheap way of infecting victims with malware and getting some money out of it.
As a result, “malvertising” in 2015 has almost tripled from the year prior, even if security firms have focused more on this threat, tracking down and reporting several cases of malvertising to the advertisers and publishers.
Now, the fight against malvertising is about to get tougher for internet defenders as criminal hackers have found an unlikely ally: web encryption.
The Obama Administration is weighing whether to come out in full support of unfettered encryption, something that would be a huge blow to the Feds, who have been pushing for compulsory backdoors in all new tech.
But there's something in the President's proposals that isn't quite right.
Argument over strong encryption reaches boiling point as Apple, Microsoft rebuff court orders for data access
A long-running debate concerning recent advances in consumer data encryption came to a head this summer when Apple rebuffed a Justice Department court order demanding access to iMessage transcripts, causing some in the law enforcement community to call for legal action against the company.
The worst thing about having a phone or laptop stolen isn’t necessarily the loss of the physical object itself, though there’s no question that that part sucks. It’s the amount of damage control you have to do afterward. Calling your phone company to get SIMs deactivated, changing all of your account passwords, and maybe even canceling credit cards are all good ideas, and they’re just the tip of the iceberg.