http/s   60

Half of all Phishing Sites Now Have the Padlock — Krebs on Security
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.
Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018.
This alarming shift is notable because a majority of Internet users have taken the age-old “look for the lock” advice to heart, and still associate the lock icon with legitimate sites. A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe.
phishing  security  privacy  HTTP/S  krebs  browser 
21 days ago by rgl7194
Netflix Dominates Internet Traffic Worldwide, BitTorrent Ranks Fifth - TorrentFreak
Nearly 14% of all internet traffic worldwide is generated by Netflix, new data from Sandvine shows. This makes the streaming giant the dominant traffic source. BitTorrent is listed in fifth place, which is driven in large part by traffic from the Asia-Pacific region, where the file-sharing protocol even beats Netflix.
Over the years we have closely followed various reports on Internet traffic changes, specifically in relation to BitTorrent.
Many of these came from the Canadian broadband management company Sandvine, which often focused on the popularity of different types of traffic in specific regions.
internet  netflix  HTTP/S  media  youtube  bittorrent 
27 days ago by rgl7194
Let’s Encrypt takes free “wildcard” certificates live | Ars Technica
In a victory for securing the Web, anybody can now get a certificate valid for every site in a domain.
In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.
ACME version 2 "has gone through the IETF standards process," said Josh Aas, executive director of the Internet Security Research Group (ISRG), the group behind Let's Encrypt, in a blog post on the release. ACME v2 is currently a draft Internet Engineering Task Force standard, so it may not yet be in its final form. But the current version is the result of significant feedback from the industry. And its use is required to obtain wildcard certificates.
security  privacy  encryption  HTTP/S  free  internet 
8 weeks ago by rgl7194
Daring Fireball: The Great DF Random Slowdown Should Be Over
This week, DF has seemed incredibly slow for some people, sometimes. Here’s a Twitter search for tweets to me with the word “slow” this week. This was killing me, because I pride myself on Daring Fireball being a fast-loading website, and because this was a pretty big week content-wise.
It was not my server, and had nothing to do with higher levels of traffic from my iPhone XS and Series 4 Apple Watch reviews. When DF itself is slow — which happens rarely but does happen — you almost always see DF’s trademark #4a525a slate gray background first, then the elements of the page slowly fill in. If you experienced slowness this week, you probably just saw a white background in your browser tab, and then all of a sudden the whole thing filled in. This sometimes took 30-60 seconds. Long story short, it was taking that long for the initial request to even get to my server; once it did, everything after that was as fast as usual. I’m still not sure what exactly was causing this, but I’ve worked around it by having Cloudflare act as an HTTP/S proxy for If any of you continue to see slow page loads, let me know.
daring_fireball  web2.0  performance  DNS  safari  HTTP/S 
12 weeks ago by rgl7194
The Five Essential Privacy Extensions For Firefox - GreyCoder
These are the five essential privacy extensions for the Firefox web browser. They complement each other well, and work silently in the background:
uBlock Origin
Privacy Badger
HTTPS Everywhere
Cookie Autodelete
uBlock Origin and Privacy Badger
uBlock Origin and Privacy Badger are the best advertising blockers available. They also block invisible web trackers. When both are installed, Privacy Badger will catch some trackers that uBlock Origin misses.
Cookie Autodelete
Cookie Autodelete will automatically delete cookies when a browser tab closes. You can whitelist the ones you trust while deleting the rest. A wonderful solution to tracking cookies.
HTTPS Everywhere
HTTPS Everywhere is an extension that ensures you always visit the secure version of a website, if it is available.
Decentraleyes is an extension that avoids tracking by creating local versions of hosted libraries. It prevents a lot of requests from reaching networks like Google Hosted Libraries. Thus it helps to reduce your network load.
firefox  plugins  tracking  privacy  cookies  HTTP/S 
august 2018 by rgl7194
HTTP Security Considerations - An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that, HTTP Security becomes paramount, and to secure HTTP you have to understand it.
HTTP is the protocol that powers the web and to penetrate via a web service it pays to have a good solid foundational understanding of HTTP, how it works and the common response codes – many of which can lead to some kind of vulnerability which is exploitable.
HTTP/S  101  security  privacy  web 
august 2018 by rgl7194
HTTP Injector Apps Are Becoming a Popular Method to Obtain Free Internet Access
"HTTP injector" apps traded in public Telegram channels are becoming a popular method of gaining free Internet access on mobile devices.
Such apps work by modifying HTTP headers on network requests with malicious code that tricks "captive portals" into giving the user access to the Internet.
Captive portals are the temporary web pages that some mobile telcos or private WiFi networks show users when trying to access the Internet, sometimes asking for a password or urging the user to recharge his SIM card's credit.
HTTP/S  free  internet  hack  security  privacy 
june 2018 by rgl7194
IETF Approves TLS 1.3 as Internet Standard
The Internet Engineering Task Force (IETF) —the organization that approves proposed Internet standards and protocols— has formally approved TLS 1.3 as the next major version of the Transport Layer Security (TLS) protocol.
The decision comes after four years of discussions and 28 protocol drafts, with the 28th being selected as the final version.
TLS 1.3 is now expected to become the standard method in which a client and server establish an encrypted communications channel across the Internet —aka HTTPS connections.
internet  standards  www  security  privacy  HTTP/S 
march 2018 by rgl7194
Firefox 59 Will Add a New Privacy Feature That Strips Sensitive Data From URLs
Firefox 59 will strip referrer information from URLs while the user is in Private Browsing mode. The measure is meant to safeguard users from accidental data leaks of sensitive information.
Referrer information is a crucial part of how the web and browsers work, but not something that a casual, non-technical user would be aware of.
Referrer info is the information transmitted by a browser when the user clicks on a link. For example, if a user clicks a link for Website 2 on Website 1, the webmaster of Website 2 will know that the new user who landed on his site came from Website 1.
This happens because HTTP requests come with a field named "Referrer Value" that stores the origin of an HTTP request.
firefox  URL  security  privacy  HTTP/S 
february 2018 by rgl7194
Part 2: All rise! Mind these digital crimes and arm your business against them - Malwarebytes Labs | Malwarebytes Labs
In the first installment of this two-part series, we advised consumers to stay on top of a selection of up-and-coming crimes to significantly lessen the chances of encountering them in the future. For this post, we’re going to look into digital crimes that keep small businesses and large enterprises on their toes: cloud attacks, attacks over SSL, ATM malware, and RDoS attacks.
It’s important to note that regardless of any digital attack an organization might face, fostering a culture of cybersecurity plays a massive role in arming employees with knowledge of what these attacks are and how they should respond if and when such incidents happen.
Let’s begin!
privacy  security  cloud  HTTP/S  malware  DDOS 
november 2017 by rgl7194
How Captive Portals Interfere With Wireless Security and Privacy | Electronic Frontier Foundation
If you have ever wanted to use the wifi at a coffee shop or library, you have probably had to click through a screen to do it. This screen might have shown you the network’s Terms of Service and prompted you to click an “I agree” button. Depending on where you were, it might have asked you for information about yourself, like your email, social media accounts, room number (in a hotel), account number (in a library), or other identifying information. Sometimes you even have to watch a short video or ad before wifi access is granted.
These kinds of screens are called captive portals, and they interfere with wireless security without providing many user benefits.
wi-fi  privacy  security  technology  HTTP/S  authentication 
september 2017 by rgl7194
Here’s How to Protect Your Privacy From Your Internet Service Provider | Electronic Frontier Foundation
We pay our monthly Internet bill to be able to access the Internet. We don’t pay it to give our Internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they voted to strip their constituents of their privacy. Even though our elected representatives have failed us, there are technical measures we can take to protect our privacy from ISPs.
Bear in mind that these measures aren’t a replacement for the privacy rules that were repealed or would protect our privacy completely, but they will certainly help.
security  privacy  vpn  internet  ISP  do_not_track  cookies  HTTP/S  tor 
june 2017 by rgl7194
HTTPS... Everywhere! - Malwarebytes Labs | Malwarebytes Labs
We recently updated our redirections rule in HTTPS-Everywhere, a browser extension that automatically redirects you to the HTTPS version of the website you are trying to visit. Now is a good time for us to give a short overview of how important HTTPS is. We’ll also talk about a few major HTTPS-related events that happened lately.
When we browse the web, several third-parties are able to snoop on the connection between the user and the website, including the user’s ISP, law enforcement, the website’s ISP, and other people in between.
security  privacy  anonymity  encryption  HTTP/S  internet 
june 2017 by rgl7194
11 tips for protecting your privacy and digital security in the age of Trump
As of January 20, Donald Trump is the president of the United States, which has prompted deep concerns from many over the constraints his administration may place on our ability to connect, express, and spread information safely.
Trump, a longstanding adversary of the free press, has expressed support for expanded surveillance powers, insulted and blacklisted both individual journalists and entire news organizations, selected an Attorney General appointee who actively eschews commitments to protecting a free press, and has called for leak investigations that would ensnare both sources and journalists. If these comments and actions are any indication, both the press and ordinary citizens may be forced more than ever before to use technology to keep their communications safe.
privacy  security  digital  gov2.0  trump  politics  software  passwords  1password  2FA  signal  encryption  messaging  browser  HTTP/S  vpn  phishing 
march 2017 by rgl7194
You Can Easily Use Encryption: Here's How
SAN FRANCISCO — Strong encryption is easy and available for all, security researcher Jessy Irwin told attendees at the RSA Conference here yesterday (March 3).
"Most people think, 'Security is really hard, and I want to learn more, but I have no idea where to start,'" Irwin said. "But that's not true."
You need to do only a few things to drastically improve your security posture, Irwin said: Use a password manager; fully encrypt your computers and smartphones; and use end-to-end-encrypted communication services.
privacy  security  encryption  mac  ios  passwords  1password  vpn  email  HTTP/S  messaging  tor 
march 2017 by rgl7194
The Cloudflare Incident And Its Impact On | Sniff free or die
Cloudflare recently announced a security incident that potentially impacts anyone who visited various and sites for the past six months.
What happened?
Cloudflare is a popular service that provides content delivery, DDoS protection and DNS services for web sites.
A software bug in Cloudflare’s servers leaked potentially sensitive information. Some of that information ended up in caches all over the Internet. At Google, Microsoft, your ISP, your company’s or university’s proxy servers, and elsewhere. Due to the randomness and distributed nature of the bug, it’s difficult to know what the full impact is. Cloudflare provides the following estimate:
“The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
The bug was introduced on September 22, 2016 and fixed on February 18th, 2017.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
Incident report on Cloudflare parser bug – Feedly Blog
Cloudflare reported last night a bug in their service which could have leaked information from the services using their edge cache servers.
Feedly uses Cloudflare as a security shield which increases the reliability and performance of the Feedly web application. As such, Cloudflare informed us it is possible that some of the Feedly Web requests performed between Feb 13 and Feb 18 might have been impacted by the information leak.
Despite the 1 in 3,300,000 chances of being impacted, we recommend to be extra cautious and take the following actions...
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google  RSS 
february 2017 by rgl7194
CloudBleed: What you need to know | iMore
CloudFlare, a popular internet intermediary service that provides performance and security for a host of other sites, has had a large data leak.
Dubbed "CloudBleed", it made potentially sensitive information available online, including from popular sites like OKCupid and Authy.
What happened with Cloudflare?
From the CloudFlare blog:
Last Friday, Tavis Ormandy from Google's Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.
It turned out that in some unusual circumstances, which I'll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
On the Wire Podcast: Nick Sullivan on the Cloudflare Memory Leak | On the Wire
Cloudflare is one of those companies that most normal Internet users may never have heard of, but rely on every day. The company’s infrastructure protects a large fraction of the global Internet’s sites and so when a bug emerges in its systems, it’s a Big Deal. The memory leak vulnerability that Cloudflare disclosed this week fits into that category. It resulted from a weird confluence of events and the main effect was that private data from some Cloudflare customers was leaked on the web over the last few months. Dennis Fisher spoke with Nick Sullivan, head of crypto at Cloudflare, about the vulnerability, the response process, and what the company learned from all of it.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google  podcast 
february 2017 by rgl7194
Cloudflare Memory Leak Bug Exposed Private Customer Data | On the Wire
Cloudflare, one of the larger content-delivery networks and DNS providers on the Internet, had a critical bug in one of its services that resulted in sensitive customer data such as cookies, authentication tokens, and encryption keys being leaked and cached by servers around the world.
The vulnerability was in an HTML parser that Cloudflare engineers had written several years ago but had recently replaced with a newer one. The company was migrating various services from the old parser, written using Ragel, to the new one, and a change made during that process is what caused the bug to activate and begin leaking memory with private information in it. The bug was active for several days, and Cloudflare said the most critical period was Feb. 13 to Feb. 18.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
