Archive for the ‘Web Security’ Category

Italian charged with hiring “dark web hitman” to murder his ex-girlfriend

In a brief yet fascinating press release, Europol just announced the arrest of an Italian man who is accused of “hiring a hitman on the dark web”. According to Europol: The hitman, hired through an internet assassination website hosted on the Tor network, was paid about €10,000 worth in Bitcoins to kill the ex-girlfriend of the […]

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms. The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Both versions lack support for current and recommended cryptographic algorithms and mechanisms. TLS […]

Chrome to Enforce HTTPS Web Protocol (Like It or Not)

If you type in securityboulevard.com, Chrome version 90 will send you directly to the secure version of the site. Surprisingly, that’s not what it currently does—instead, Google’s web browser relies on the insecure site to silently redirect you. That’s slow. And it’s a privacy problem, potentially. This seemingly unimportant change could have a big—if unseen—impact. So long, cleartext web. In […]

Tackling cross-site request forgery (CSRF) on company websites

CSRF arises because of a problem with how browsers treat cross origin requests. Take the following example: a user logs into site1.com and the application sets a cookie called ‘auth_cookie’. A user then visits site2.com. If site2.com makes a request to site1.com, the browser sends the auth_cookie along with it. Normally this doesn’t matter, if […]

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We […]

What is HTTPS?

HTTPS secures the connection to the website you are visiting. I’m sure you have seen this in action; look at the address bar in the browser and find the lock icon on the left-hand side. Is the lock closed? Then the connection is secure. Is it open, or is there another type of icon or […]

Another Chrome zero-day exploit – so get that update done!

Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of version 89.0.4389.72: The Chrome team is delighted to announce the promotion of Chrome 89 […]

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub. According to Confiant, this group is behind a massive number of those annoying and scammy popup campaigns you will almost […]

Browser Tracking Using Favicons

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.) Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors […]

PayPal addresses reflected XSS bug in user wallet currency converter

PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close to one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported by the bug bounty hunter “Cr33pb0y” through the HackerOne platform. “An endpoint used for currency conversion was found […]

Microsoft warns of the rise of web shell attacks

An Introduction to Web Shells

Malicious Chrome sync feature can help hackers steal your data

How Venturing Into The Shady Side of The Dark Web Will Most Likely Get You Scammed or Arrested

The internet has come to be so developed, complex and ‘intelligent’ that, at present, you could say it is alive (like Skynet or The Matrix predicted?). Billions of people are online, every day, using the internet for work, entertainment, advice, you name it - it’s probably on the internet. We are now in the age of Artificial Intelligence and Big Data (or […]

Holistic InfoSec For Web Developers

This book begins by taking the reader to the 30,000′ view, so you can start to see the entire security landscape. I then attempt to explain a very simple threat modelling approach that I believe Bruce Schneier created, called the Sensible Security Model (SSM). We take the learnings from the first chapter and apply them […]

Chrome zero-day browser bug found

2 new zero-day vulnerabilities in WordPress Plugin

Penetration Testing

Penetration Testing is a method that many companies follow in order to minimize their security breaches. This is a controlled way of hiring a professional who will try to hack your system and show you the loopholes that you should fix. Before doing a penetration test, it is mandatory to have an agreement that will […]

Domain for programming website Perl.com hijacked

The mystery of the missing Perl website

Open source tool was incorrectly labeled as a threat by Chrome’s Safe Browsing
