Blog Posts Tagged with "Browser Security"

Tangled Web: A Guide to Securing Modern Web Applications

February 26, 2012 Added by: Ben Rothke

There is no doubt that some sites use cookies as a mechanism for malicious use. But there is nothing that makes it uniquely suited for this task, as there are many other equivalent ways to store unique identifiers on visitor’s computers, such as cache-based tags...

Comments  (0)

Google Circumvents Browser Privacy - Why We Need Do Not Track

February 26, 2012 Added by: Electronic Frontier Foundation

One way that Google can prove itself as a good actor is by providing meaningful ways for users to limit what data is collected. It’s time Google's third-party web servers start respecting Do Not Track requests, and time for Google to offer a built-in Do Not Track option...

Comments  (0)

Significance of 'Death of the Document Web' to Security

January 18, 2012 Added by: Rafal Los

Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...

Comments  (2)

Chrome Most Secure? Depends on Your Frame of Reference

December 21, 2011 Added by: Ed Moyle

Until recently Chrome supported SSL 2.0 by default (seems like a major no-no in my humble opinion) and the fact that Firefox is the only one of the big three to have OCSP checking enabled by default. This aspect of "browsing security" is a "score one" for Firefox in my estimation...

Comments  (0)

Consortium Issues Baseline Requirements for SSL

December 20, 2011 Added by: Headlines

"The primary goal of these Requirements is to enable efficient and secure electronic communication, while addressing user concerns about the trustworthiness of Certificates. The Requirements also serve to inform users and help them to make informed decisions when relying on Certificates..."

Comments  (0)

Browser-Based Malware: Decoding a PHP Backdoor

October 20, 2011 Added by: john melvin

This article is not an analysis of the backdoor, but instead describes the methodology and techniques used to decipher malicious code embedded and encoded in a seemingly normal web page. The following is a snippet of the PHP code that caught my attention and began my investigation...

Comments  (1)

Should You Fear the BEAST?

September 29, 2011 Added by: f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...

Comments  (0)

Cybersecurity Awareness Month: Why Browsers Matter

September 29, 2011 Added by: Headlines

“Modern browsers provide significant value... especially in the areas of security and privacy. They help protect users from phishing sites and malicious downloads while supporting industry standards... We recommend that users update their browser to the latest version available....”

Comments  (0)

BEAST Emerges: Browser Exploit Against SSL/TLS

September 26, 2011 Added by: Headlines

"Cookie[s] [are] encrypted so that an attacker can't grab it and use it himself on your online banking site and impersonate you. But now they are able to decrypt those cookies on the fly and then hijack that session with the secure site and effectively impersonate you..."

Comments  (3)

Web Insecurity: 7 Steps We Should Demand of Advertisers

September 12, 2011 Added by: Chris Weber

The advertising industry can and should mitigate the threat of malware by constraining the capabilities of scripting to address arbitrary content, proxying content, and filtering content for malware. Here are seven security essentials that web servers and advertisers must undertake...

Comments  (0)

How to Avoid the 9/11 Scams

September 10, 2011 Added by: Kelly Colgan

Osama bin Laden’s death wasn’t a day old before hackers moved in, flooding social network sites with spam—links that promised images of the al-Qaeda leader but that led to corrupted Flash plug-ins. Today's 10th anniversary of the 9/11 attacks will be no different...

Comments  (0)

CERT Malaysia Releases DNSwatch Tool

August 30, 2011 Added by: Headlines

"DNSwatch will help you avoid known bad websites or sites that will trick your computer into downloading and installing malicious programs on your computer. Even better, DNSwatch will also prevent you from accessing malicious websites that you may not even know your computer is trying to access..."

Comments  (0)

Microsoft Ceases Using Supercookies to Track Users

August 22, 2011 Added by: Headlines

“We don't really know what they were doing with this information, but it's not obvious what this explanation would be. The burden is on Microsoft to explain how it came to be there and how they used it and what they're going to do to make sure it doesn't happen again...”

Comments  (0)

Encrypting the Web with HTTPS Everywhere

August 08, 2011 Added by: Headlines

"Your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... Electronic Frontier Foundation created HTTPS Everywhere to make it easier for people to keep their user names, passwords, and browsing histories secure and private..."

Comments  (0)

Microsoft: WebGL is Too Dangerous to Support

June 28, 2011 Added by: Bill Gerneglia

If there is one thing that Microsoft knows well, it is security holes in operating systems and device drivers. They have been heavily engaged in finding complex engineering solutions to solve some of the most difficult security compromises for more than 20 years. We should all listen to this warning...

Comments  (0)

Facebook's Project Spartan - Tempest in a Broken Teapot

June 24, 2011 Added by: Rafal Los

While some analyses of the super-secret Project Spartan that Facebook is supposedly working on center around the Apple vs. Facebook apps war brewing - I think the focus is something else entirely. I think the focus, from a technology perspective, is HTMLv5...

Comments  (1)
