Our tech panel looks at how Uber (secretly) handled last year's hack and the controversy around Google's decision to track Android users' locations. Then it's time to discuss why AWS is selling off hardware in China and what Mozilla is up to with its new Firefox Quantum.
Credit to Author: Gregg Keizer| Date: Sat, 14 Oct 2017 12:58:00 -0700
Microsoft’s Edge browser, the default in Windows 10, blocked a higher percentage of phishing and socially-engineered malware (SEM) attacks than Google’s Chrome and Mozilla’s Firefox, a Texas security testing firm said Friday.
According to NSS Labs of Austin, Tex., Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all SEM attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.
To read this article in full or to leave a comment, please click here
Credit to Author: Gregg Keizer| Date: Fri, 15 Sep 2017 11:41:00 -0700
Google has finalized a schedule that, over the next 12 months, will send companies scrambling to replace the digital certificates that secure their websites or risk being viewed with suspicion by users running Chrome, the world’s most popular browser.
“Companies are staring down the barrel of a boat load of work,” said David Anthony Mahdi, a research director at Gartner, and the industry research firm’s resident expert on digital certificates and the CAs (certificate authorities) that issue them. “This is massive.”
Beginning with Chrome 66, currently set to show up the third week of April next year, Google will “remove trust in Symantec-issued certificates issued prior to June 1, 2016,” wrote three members of the browser’s security team, in a post to a company blog. “If you are a site operator with a certificate issued by a Symantec CA prior to June 1, 2016, then prior to the release of Chrome 66, you will need to replace the existing certificate with a new certificate from any Certificate Authority trusted by Chrome.”
To read this article in full or to leave a comment, please click here
Credit to Author: John Brandon| Date: Fri, 08 Sep 2017 11:14:00 -0700
When Gartner ranks a data breach as a 10 on a scale of 1-10, you know there is cause for alarm. A recent compromise at Equifax, a consumer credit reporting agency, resulted in 143 million records being stolen. Of those, at least 209,000 involved stealing a credit card number and over 182,000 records had to do with credit card disputes.
To read this article in full or to leave a comment, please click here
Credit to Author: Michael Horowitz| Date: Sun, 16 Jul 2017 12:56:00 -0700
TLS is the protocol invoked under the covers when viewing secure websites (those loaded with HTTPS rather than HTTP). There are multiple versions of the TLS protocol, and the most recent version, 1.2, is the most secure. Last time, I discussed tweaking Firefox so that it only supports TLS version 1.2 and not the older versions (1.0 and 1.1) of the protocol.
But that begs the question: what happens when a security-reinforced copy of Firefox encounters a website that does not support TLS 1.2? The answer is shown below.
To read this article in full or to leave a comment, please click here
Credit to Author: Lily Hay Newman| Date: Tue, 18 Apr 2017 11:00:06 +0000
When a phishing attack can impersonate a trusted site it’s even harder to know that it’s happening. The post Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure appeared first on WIRED.
Read more