Did you receive this email too ? Twitter is telling us that despite the fact that they stored the just the hashes of the passwords in their DB, they have been logging the plain text password in their backend. Stupid ?! Hell yes! But the even more stupid thing is this: WHY DO THEY SEND […]
JavaScript and Java are similar in some ways but fundamentally different in some others. The JavaScript language resembles Java but does not have Java’s static typing and strong type checking. JavaScript follows most Java expression syntax, naming conventions and basic control-flow constructs which was the reason why it was renamed from LiveScript to JavaScript. In […]
Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws. Driver Security Guidance This section contains information on enhancing driver security. In this section Topic Description Driver security checklist This topic provides a driver […]
Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal. Unwanted software Identifying and analyzing unwanted software is a complex challenge. […]
Source: https://www.mcafee.com/us/resources/reports/restricted/economic-impact-cybercrime.pdf In 2014, taking into account the full range of costs, CSIS estimated that cybercrime cost the world between $345 billion and $445 billion. As a percentage of global GDP, cybercrime cost the global economy 0.62% of GDP in 2014. Using the same methods, CSIS now believe the range is now between $445 billion and $600 billion. Our […]
If you’re confused by the avalanche of early reports, denials, and conflicting statements about the massive security issues announced in the last days, don’t worry — you’re far from the only one. Here’s what you need to know about Meltdown and Spectre, the two huge bugs that affect practically every computer and device out there. […]
I wrote 4 months ago (Aug 14) about the switch to HTTPS per default on the new site ITSecurityNews.info. A week ago I wrote about the experiment of enhancing the headers of the website to show full compatibility with HSTS. Experiment started: HTTPS for ITSecurityNews.info Moving to HSTS Now it is too early to […]
HTTP Strict Transport Security (HSTS) is a policy mechanism that allows a web server to enforce the use of TLS in a compliant User Agent (UA), such as a web browser. HSTS allows for a more effective implementation of TLS by ensuring all communication takes place over a secure transport layer on the client side. Most notably HSTS […]
I reviewed the headers of my IT Security News website https://www.itsecuritynews.info/ in order to add HSTS. This is what I can see in the headers. The certificate used to load https://www.itsecuritynews.info/ uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this […]
We have ta lot of phishing attempts in German against Strato.de: Subject: Wir haben ein Abrechnungsproblem festgestellt. Sehr geehrter Kunde, Wir haben ein Abrechnungsproblem festgestellt. Diese Art von Fehlern zeigt normalerweise an, dass die Kreditkarte abgelaufen ist oder Ihre Rechnungsadresse ist ungültig. Klicken Sie auf den folgenden Link, um Ihre Informationen zu aktualisieren: https://www.strato.de/apps/CustomerService#/skl […]
You must be logged in to post a comment.