Security News

Proxy authentication flaw can be exploited to crack HTTPS protection (Help Net Security)
2016-08-16 19:12

Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM attackers to effectively...

CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS (Help Net Security)
2016-08-11 16:00

The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding...

How the HTTPS-snooping, email addy and SSN-raiding HEIST JavaScript code works (The Register)
2016-08-05 02:34

Severe vulnerabilities discovered in HTTP/2 protocol (ZDNet)
2016-08-04 12:49

Four high-profile vulnerabilities in HTTP/2 revealed (Help Net Security)
2016-08-03 22:13

Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP...

Two first-gen flaws carried over to HTTP/2, warn security bods (The Register)
2016-08-03 16:34

New attack steals SSNs, e-mail addresses, and more from HTTPS pages (ArsTechnica)
2016-08-03 16:34

High-Profile Vulnerabilities Affect HTTP/2: Report (SecurityWeek)
2016-08-03 15:18

Google's HSTS rollout: Forced HTTPS for google.com aims to help block attacks (ZDNet)
2016-08-01 14:01

WPAD Flaws Leak HTTPS URLs (Threatpost)
2016-08-01 13:00

Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol.