HSTS approved as proposed standard
The Internet Engineering Steering Group (IESG) has approved the HTTP Strict Transport Security protocol (HSTS) as a proposed standard, which means that we can look forward to …
Universal Man in the Browser attack targets all websites
Trusteer have discovered a new Man in the Browser (MitB) scam that does not target specific websites, but instead collects data submitted to all websites without the need for …
Pen-testing Cookie Cadger continues where Firesheep left off
When the Firesheep extension was revealed to the world in late 2010, its developer said that his main goal was to get sites to switch to full end-to-end encryption, i.e. SSL. …
Chrome 22 released, researchers awarded $30K in bug bounties
Chrome v22 has been released, and with it over 40 vulnerabilities – 15 of which high-severity – have been closed. Google’s reward program for the responsible …
Microsoft offers Fix it for IE zero-day, announces security update
Microsoft has released the Fix it solution for the IE zero-day memory-corruption vulnerability that is currently being exploited in attacks, and has promised a security update …
Google adds Do Not Track support to Chrome
The next official release of Google’s Chrome browser will more than likely support the Do Not Track (DNT) initiative by sending the DNT HTTP header to websites if the …
Google ups prizes in Chromium bug bounty program
Since a vulnerability rewards program for open source web browser project Chromium was instituted in early 2010, many vulnerabilities have been found and dealt with, and …
Microsoft confirms IE10 will have “Do Not Track” on by default
When Microsoft released the preview of Internet Explorer 10 at the beginning of June and announced that in Windows 8 the browser will be sending a “Do Not Track” …
Scientists develop tool for improving app security
A team led by Harvard computer scientists, including two undergraduate students, has developed a new tool that could lead to increased security and enhanced performance for …
Firefox gains Google encrypted search by default
With this latest Firefox release (v14.0.1), Mozilla has fixed a slew of security vulnerabilities, including five deemed critical that may have allowed hackers to run attacker …
Google will block Chrome add-ons from third-party sites
Google has instituted a new rule that should keep Chrome users safe from malicious add-ons: starting with version 21.0.1180.41 (currently in beta), the browser will block all …
IE10 will have “Do Not Track” on by default
As Microsoft released the preview of the next version of its Internet Explorer browser, news that in Windows 8 the browser will be sending a “Do Not Track” signal …