Security Alerts & News
by Tymoteusz A. Góral

History
#1263 Lack of encryption leads to large scale cookie exposure
LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers.

Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an assistant professor at the University of Illinois discussed just how woefully inadequate the encryption protecting some services is in a talk at Black Hat Thursday.

The pair studied 25 popular websites, from search engines such as Google, Yahoo, and Bing, to news sites such as the Huffington Post, MSN, and the New York Times. Fifteen of the sites supported HTTPS but not universally. Many of them offer personalization over HTTP, something that can lead to complicated interoperability and flawed access control, according to Sivakorn and Polakis.
Read more
#1270 Can you trust that invoice? Nigerian 419 scammers ply new wire-wire trade via compromised email
#1269 Italian malware is spying on Chinese Android users: But why?
#1268 Microsoft cranks up encryption in .Net framework
#1267 Fake Prisma apps found on Google Play
#1266 This ATM hack could allow thieves to make off with thousands
#1265 BlackHat2016: badWPAD – The doubtful legacy of the WPAD protocol
#1264 HEIST: HTTP encrypted Information can be stolen through TCP-windows (PDF)
#1263 Lack of encryption leads to large scale cookie exposure
#1262 Are smart city transport systems vulnerable to hackers?
#1261 Pokemon GO DDoS attacks postponed as PoodleCorp botnet suffers security breach
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12