tag
HTTPS

Reddit goes HTTPS, joins Wikipedia at security table

Popular meme site Reddit has announced that it will soon encrypt all traffic with HTTPS by default.

Wikipedia switches to HTTPS by default

Wikimedia has announced that all of its web properties – including the enormously popular crowd-sourced dictionary Wikipedia – will now use HTTPS encryption by default.

Logjam attack leaves tens of thousands of HTTPS websites vulnerable

Tens of thousands of HTTPS websites, mail servers and other internet services could be left vulnerable by a flaw that would allow criminals to snoop and modify encrypted data.

1,500 iOS apps open to simple man-in-the-middle attacks

Around 1,500 apps for iPhone and iPad contain an HTTPS vulnerability making it ‘trivial’ for hackers to perform man-in-the-middle attacks to steal passwords, bank details and other private information.

Phishing clásico expuesto: dueños de tarjetas de crédito como blanco

Los ataques de phishing ya son parte del escenario habitual de estafas informáticas, y la razón es sencilla: más allá de la poca creatividad de los atacantes, las víctimas quieren creer en las promesas de los atacantes, que ofrecen desde viajes para ver el Mundial Brasil 2014 de la FIFA hasta autos nuevos, dinero en

Twitter actualiza API v1.1 en busca de una plataforma más segura

Twitter hace poco lanzó unas actualizaciones en su API disponible para desarrolladores. A continuación se presentan algunas particularidades introducidas y lo que esto significa para la protección de la información de sus usuarios. Cuando se habla de Twitter y la seguridad de la información de sus usuarios nos encontramos con medidas como la opción de

Usuarios de banco argentino afectados por phishing

En el Laboratorio de ESET Latinoamérica recibimos un correo con una nueva campaña de phishing enfocada en usuarios de un conocido banco en Argentina. En este caso se trata de un correo electrónico que recibe la víctima, con la característica que el remitente dice ser el banco afectado y la dirección de correo desde donde

La concientización ayuda a la seguridad

La seguridad informática es una temática que está teniendo una muy grande repercusión, más que nada en un equipo conectado a Internet, que es el foco principal de propagación de malware. Para esto se han generado distintas políticas de seguridad, como por ejemplo la navegación con el protocolo HTTPS, para navegar en sitios que contengan

Bypassing code signing policy: welcome to the (Eko)party

ESET researchers Aleksandr Matrosov and Eugene Rodionov just gave a talk on Defeating x64: Modern Trends of Kernel-Mode Rootkits

Facebook Privacy: An Easy How-to Guide to Protecting Yourself

Introduction As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook.  Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government.  When many people use a service such as this, it

Facebook’s Search and Destroy

An article came out yesterday from Clement Genzmer who is a security engineer at Facebook.  His tagline is "searching and destroying malicious links".  Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to

Politicians Better at Security than Twitter, Yahoo, and Amazon

Recently Senator Schumer from New York wrote a letter (http://www.infosecurity-us.com/view/16328/senator-schumer-current-internet-security-welcome-mat-for-wouldbe-hackers/) to Twitter, Yahoo, and Amazon asking them to make SSL the default for internet connections. What this means is that instead of an http connection they should provide and https connection by default. This is important because with http connections you are exposed to risk

Change your Facebook account settings for better privacy and security

Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook :) Little privacy, but a whole lot of settings! Check it out at http://blog.eset.com/2011/05/25/facebook-privacy Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face

The Hidden Face of Facebook Security

Facebook actually does have some exceptionally talented security professionals. They have almost no depth in privacy, but they have real security talent. A part of the problem is that the Facebook culture is anti-security and that is a very tough obstacle for their security professionals. Facebook security is by marketing design. Take a look at

Stealing from Santa (Scammers’ Holiday Season)

My colleague Urban Schrott, from ESET Ireland, wrote a nice feature article for our monthly ThreatSense report (which should be available shortly on the Threat Center page at http://www.eset.com/threat-center) on seasonal scams. As the scam season is starting to get into full swing, we thought it might be good to give it a wider audience here.

Ten Ways to Dodge Cyber-Bullets (Part 9)

[Part 9 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series is now available as a white paper at http://www.eset.com/download/whitepapers.php.] Be Wireless, not Careless Don’t connect to just any “free Wi-Fi” access point: it might alter your DNS queries or be the “evil twin” of

Reporte de amenazas de octubre

Para quienes estamos día a día detrás de este blog, octubre fue un mes bastante agitado en el que hemos ofrecido capacitaciones en varios países. Sin embargo, las acciones maliciosas generadas por el malware tampoco se tomaron descanso. Como lo hacemos cada mes, les proponemos un resumen de los hechos más relevantes en materia de

English Version of HTTPS video

As promised earlier (see http://www.eset.com/threat-center/blog/2009/10/07/https-revisited-spanish-video) an English version of ESET Latin-America’s demonstration video of a phishing attack using HTTPS is now available at http://www.eset-la.com/centro-amenazas/videos/phishing-https-english/.  Those earlier blogs again: http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it  http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https   Thanks, Sebastián! David Harley BA CISSP FBCS CITP Director of Malware Intelligence ESET LLC ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog ESET Threatblog notifications on Twitter:

HTTPS revisited – Spanish video

Further to our blogs on HTTPS and SSL certificate issues – see http://www.eset.com/threat-center/blog/2009/10/06/ssl-to-certify-web-security-is-not-to-guarantee-it and http://www.eset.com/threat-center/blog/2009/10/04/truth-fiction-and-https – Sebastián Bortnik has been talking to us today about a video that ESET Latin-America have put together demonstrating a phishing attack using HTTPS. If your Spanish is better than mine, you can check it out here. However, we’ve been working on an

SSL: to certify web security is not to guarantee it

Hard on the heels of the translated blog by Sebastián Bortnik that I posted at the weekend comes news from the Register (http://www.theregister.co.uk/2009/10/05/fraudulent_paypay_certificate_published/) of a bogus Paypal SSL certificate released yesterday exploiting a bug in Microsoft’s crypto API that has remained unpatched for more than two months, when Moxie Marlinspike (can I have a handle

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2015 ESET, All Rights Reserved.