http/s   54


HTTP Injector Apps Are Becoming a Popular Method to Obtain Free Internet Access
"HTTP injector" apps traded in public Telegram channels are becoming a popular method of gaining free Internet access on mobile devices.
Such apps work by modifying HTTP headers on network requests with malicious code that tricks "captive portals" into giving the user access to the Internet.
Captive portals are the temporary web pages that some mobile telcos or private WiFi networks show users when trying to access the Internet, sometimes asking for a password or urging the user to recharge his SIM card's credit.
HTTP/S  free  internet  hack  security  privacy 
4 hours ago by rgl7194
IETF Approves TLS 1.3 as Internet Standard
The Internet Engineering Task Force (IETF) —the organization that approves proposed Internet standards and protocols— has formally approved TLS 1.3 as the next major version of the Transport Layer Security (TLS) protocol.
The decision comes after four years of discussions and 28 protocol drafts, with the 28th being selected as the final version.
TLS 1.3 is now expected to become the standard method in which a client and server establish an encrypted communications channel across the Internet —aka HTTPS connections.
internet  standards  www  security  privacy  HTTP/S 
12 weeks ago by rgl7194
Firefox 59 Will Add a New Privacy Feature That Strips Sensitive Data From URLs
Firefox 59 will strip referrer information from URLs while the user is in Private Browsing mode. The measure is meant to safeguard users from accidental data leaks of sensitive information.
Referrer information is a crucial part of how the web and browsers work, but not something that a casual, non-technical user would be aware of.
Referrer info is the information transmitted by a browser when the user clicks on a link. For example, if a user clicks a link for Website 2 on Website 1, the webmaster of Website 2 will know that the new user who landed on his site came from Website 1.
This happens because HTTP requests come with a field named "Referrer Value" that stores the origin of an HTTP request.
firefox  URL  security  privacy  HTTP/S 
february 2018 by rgl7194
Part 2: All rise! Mind these digital crimes and arm your business against them - Malwarebytes Labs | Malwarebytes Labs
In the first installment of this two-part series, we advised consumers to stay on top of a selection of up-and-coming crimes to significantly lessen the chances of encountering them in the future. For this post, we’re going to look into digital crimes that keep small businesses and large enterprises on their toes: cloud attacks, attacks over SSL, ATM malware, and RDoS attacks.
It’s important to note that regardless of any digital attack an organization might face, fostering a culture of cybersecurity plays a massive role in arming employees with knowledge of what these attacks are and how they should respond if and when such incidents happen.
Let’s begin!
privacy  security  cloud  HTTP/S  malware  DDOS 
november 2017 by rgl7194
How Captive Portals Interfere With Wireless Security and Privacy | Electronic Frontier Foundation
If you have ever wanted to use the wifi at a coffee shop or library, you have probably had to click through a screen to do it. This screen might have shown you the network’s Terms of Service and prompted you to click an “I agree” button. Depending on where you were, it might have asked you for information about yourself, like your email, social media accounts, room number (in a hotel), account number (in a library), or other identifying information. Sometimes you even have to watch a short video or ad before wifi access is granted.
These kinds of screens are called captive portals, and they interfere with wireless security without providing many user benefits.
wi-fi  privacy  security  off  technology  HTTP/S  authentication 
september 2017 by rgl7194
Here’s How to Protect Your Privacy From Your Internet Service Provider | Electronic Frontier Foundation
We pay our monthly Internet bill to be able to access the Internet. We don’t pay it to give our Internet service provider (ISP) a chance to collect and sell our private data to make more money. This was apparently lost on congressional Republicans as they voted to strip their constituents of their privacy. Even though our elected representatives have failed us, there are technical measures we can take to protect our privacy from ISPs.
Bear in mind that these measures aren’t a replacement for the privacy rules that were repealed or would protect our privacy completely, but they will certainly help.
security  privacy  vpn  internet  ISP  do_not_track  cookies  HTTP/S  tor 
june 2017 by rgl7194
HTTPS... Everywhere! - Malwarebytes Labs | Malwarebytes Labs
We recently updated our redirections rule in HTTPS-Everywhere, a browser extension that automatically redirects you to the HTTPS version of the website you are trying to visit. Now is a good time for us to give a short overview of how important HTTPS is. We’ll also talk about a few major HTTPS-related events that happened lately.
When we browse the web, several third-parties are able to snoop on the connection between the user and the website, including the user’s ISP, law enforcement, the website’s ISP, and other people in between.
security  privacy  anonymity  encryption  HTTP/S  internet 
june 2017 by rgl7194
11 tips for protecting your privacy and digital security in the age of Trump
As of January 20, Donald Trump is the president of the United States, which has prompted deep concerns from many over the constraints his administration may place on our ability to connect, express, and spread information safely.
Trump, a longstanding adversary of the free press, has expressed support for expanded surveillance powers, insulted and blacklisted both individual journalists and entire news organizations, selected an Attorney General appointee who actively eschews commitments to protecting a free press, and has called for leak investigations that would ensnare both sources and journalists. If these comments and actions are any indication, both the press and ordinary citizens may be forced more than ever before to use technology to keep their communications safe.
privacy  security  digital  gov2.0  trump  politics  software  passwords  1password  2FA  signal  encryption  messaging  browser  HTTP/S  vpn  phishing 
march 2017 by rgl7194
You Can Easily Use Encryption: Here's How
SAN FRANCISCO — Strong encryption is easy and available for all, security researcher Jessy Irwin told attendees at the RSA Conference here yesterday (March 3).
"Most people think, 'Security is really hard, and I want to learn more, but I have no idea where to start,'" Irwin said. "But that's not true."
You need to do only a few things to drastically improve your security posture, Irwin said: Use a password manager; fully encrypt your computers and smartphones; and use end-to-end-encrypted communication services.
privacy  security  encryption  mac  ios  passwords  1password  vpn  email  HTTP/S  messaging  tor 
march 2017 by rgl7194
The Cloudflare Incident And Its Impact On Wireshark.org | Sniff free or die
Cloudflare recently announced a security incident that potentially impacts anyone who visited various wireshark.org and winpcap.org sites for the past six months.
What happened?
Cloudflare is a popular service that provides content delivery, DDoS protection and DNS services for web sites.
A software bug in Cloudflare’s servers leaked potentially sensitive information. Some of that information ended up in caches all over the Internet. At Google, Microsoft, your ISP, your company’s or university’s proxy servers, and elsewhere. Due to the randomness and distributed nature of the bug, it’s difficult to know what the full impact is. Cloudflare provides the following estimate:
“The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
The bug was introduced on September 22, 2016 and fixed on February 18th, 2017.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
Incident report on Cloudflare parser bug – Feedly Blog
Cloudflare reported last night a bug in their service which could have leaked information from the services using their edge cache servers.
Feedly uses Cloudflare as a security shield which increases the reliability and performance of the Feedly web application. As such, Cloudflare informed us it is possible that some of the Feedly Web requests performed between Feb 13 and Feb 18 might have been impacted by the information leak.
Despite the 1 in 3,300,000 chances of being impacted, we recommend to be extra cautious and take the following actions...
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google  RSS 
february 2017 by rgl7194
CloudBleed: What you need to know | iMore
CloudFlare, a popular internet intermediary service that provides performance and security for a host of other sites, has had a large data leak.
Dubbed "CloudBleed", it made potentially sensitive information available online, including from popular sites like OKCupid and Authy.
What happened with Cloudflare?
From the CloudFlare blog:
Last Friday, Tavis Ormandy from Google's Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.
It turned out that in some unusual circumstances, which I'll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
On the Wire Podcast: Nick Sullivan on the Cloudflare Memory Leak | On the Wire
Cloudflare is one of those companies that most normal Internet users may never have heard of, but rely on every day. The company’s infrastructure protects a large fraction of the global Internet’s sites and so when a bug emerges in its systems, it’s a Big Deal. The memory leak vulnerability that Cloudflare disclosed this week fits into that category. It resulted from a weird confluence of events and the main effect was that private data from some Cloudflare customers was leaked on the web over the last few months. Dennis Fisher spoke with Nick Sullivan, head of crypto at Cloudflare, about the vulnerability, the response process, and what the company learned from all of it.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google  podcast 
february 2017 by rgl7194
Cloudflare Memory Leak Bug Exposed Private Customer Data | On the Wire
Cloudflare, one of the larger content-delivery networks and DNS providers on the Internet, had a critical bug in one of its services that resulted in sensitive customer data such as cookies, authentication tokens, and encryption keys being leaked and cached by servers around the world.
The vulnerability was in an HTML parser that Cloudflare engineers had written several years ago but had recently replaced with a newer one. The company was migrating various services from the old parser, written using Ragel, to the new one, and a change made during that process is what caused the bug to activate and begin leaking memory with private information in it. The bug was active for several days, and Cloudflare said the most critical period was Feb. 13 to Feb. 18.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
Serious Cloudflare bug exposed a potpourri of secret customer data | Ars Technica
Service used by 5.5 million websites may have leaked passwords and authentication tokens.
Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users.
A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines.
cloudbleed  encryption  HTTP/S  privacy  security  authentication  bug  passwords  cookies  google 
february 2017 by rgl7194
AgileBits Blog | Three layers of encryption keeps you safe when SSL/TLS fails
No 1Password data is put at any risk through the bug reported about CloudFlare. 1Password does not depend on the secrecy of SSL/TLS for your security. The security of your 1Password data remains safe and solid.
We will provide a more detailed description in the coming days of the CloudFlare security bug and how it (doesn’t) affect 1Password. At the moment, we want to assure and remind everyone that we designed 1Password with the expectation that SSL/TLS can fail. Indeed it is for incidents like this that we deliberately made this design.
No secrets are transmitted between 1Password clients and 1Password.com when you sign in and use the service. Our sign-in uses SRP, which means that server and client prove their identity to each other without transmitting any secrets. This means that users of 1Password do not need to change their Master Passwords.
security  1password  privacy  encryption  cloudbleed  HTTP/S 
february 2017 by rgl7194
We're Halfway to Encrypting the Entire Web | Electronic Frontier Foundation
The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against.
Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume.
Source: https://letsencrypt.org/stats/
Google Chrome’s figures on HTTPS usage are consistent with that finding, showing that over 50% of all pages loaded are protected by HTTPS across different operating systems.
Source: https://www.google.com/transparencyreport/https/metrics/
This milestone is a combination of HTTPS implementation victories: from tech giants and large content providers, from small websites, and from users themselves.
encryption  HTTP/S  security  privacy  web  EFF  internet 
february 2017 by rgl7194
Victories in Encrypting the Web: News and Government Sites Switch to HTTPS | Electronic Frontier Foundation
The last year has seen enormous progress in encrypting the web. Two categories in particular have made extraordinary strides: news sites and US government sites. The progress in those fields is due to months of hard work from many technologists; it can also be attributed in part to advocacy and sound policy.
Freedom of the Press Foundation has been leading the call for news organizations to implement HTTPS. In December 2016, it launched Secure the News, which tracks HTTPS deployment across the industry, grading sites on the thoroughness of their implementation.
security  privacy  encryption  HTTP/S  gov2.0  news 
february 2017 by rgl7194
Google Wants to Encrypt the Web. Now. | On the Wire
OAKLAND–The security engineers at Google have spent years working on improving the security and reliability of Chrome, and it’s had a remarkable effect. They’re not satisfied with just raising the security bar for one browser, though, and now are pushing the rest of the industry and the web community at large to get with the program.
Because of its position, Google can influence much of what users see in terms of the security notifications and warnings when they hit a potentially malicious site or receive a suspicious email. Through its Safe Browsing API, which is used by most of the other browser vendors, Google can deliver warnings to a huge portion of the online community. In much the same way, the company can exert a lot of influence on the way users see sites that have secure connections as well as ones that don’t.
security  privacy  encryption  web  internet  google  HTTP/S 
february 2017 by rgl7194
Ars announces HTTPS by default (finally) | Ars Technica
Doing our part to push the encrypted-by-default vision of the Web.
We are excited to announce that Ars Technica has made the jump to greater security: we now have HTTPS browsing by default. The switch to encryption will help secure your connection to Ars from eavesdropping by unauthorized parties (emphasis on the "help," since browsing with HTTPS is only one part of a sane defense-in-depth strategy, and lots of browsing metadata is exposed regardless of whether or not you use HTTPS). For most readers, the change will be a transparent one. Browser address bars will show a green SSL/TLS notification, but everything else should remain the same. We hope we've anticipated potential problems, but if you run into any issues, please let us know via this Google form.
ars_technica  HTTP/S 
january 2017 by rgl7194
