In the wake of last week's cookie security warning, accomplished Polish penetration tester Dawid Czagan has dug up a separate issue with Apple's Safari.
The bug Czagan has reported to Apple relates to its handling of the HttpOnly flag, again leaving cookies open to attack.
A whole lot of work rolling out HTTP security is being undermined by bad browser implementation that facilitates man-in-the-middle attacks.
CERT has warned that all of the major browser vendors have a basic implementation error that means “cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information”.
Uber is attempting to squash the use of hacked customer accounts that have most likely been sold on the dark web and are currently being used in China.
Several Uber customers tweeted that their Uber app notified them that they had recently taken an Uber ride in China, when in fact they were nowhere near that country, according to Motherboard.
It’s not a trend that gamers are especially ecstatic about, but in-app purchases (IAP) have become a major element of mobile gaming. It’s how many of the biggest games on the App Store stay afloat, but earlier this week, the developers at DigiDNA discovered a coding flaw that could allow hackers to steal thousands of dollars’ worth of IAP from popular games.
It's a question that occurs to many of us: if digital security is such a minefield, how do you keep your personal data safe?
One person who knows about the risks is Adam Langley. As a security engineer at Google, he makes key decisions about how your data is spread around the internet. He also has access to systems that would have hackers salivating.
So how does Adam make sure he's not taken for a ride? Not how you'd think. Speaking at a conference at CloudFlare headquarters in San Francisco, he outlined his strategy.