Security Alerts & News
by Tymoteusz A. Góral

History
#1856 HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks
Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks.

The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections.

Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.
Read more
#1857 Web security and the OWASP top 10: The big picture
#1856 HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks
#1855 Designer launches fabric to bamboozle facial recognition
#1854 The FTC’s Internet of Things (IoT) challenge
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12