Security News

Proxy authentication flaw can be exploited to crack HTTPS protection (Help Net Security)
2016-08-16 19:12

Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM attackers to effectively...

CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS (Help Net Security)
2016-08-11 16:00

The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding...

How the HTTPS-snooping, email addy and SSN-raiding HEIST JavaScript code works (The Register)
2016-08-05 02:34

New attack steals SSNs, e-mail addresses, and more from HTTPS pages (ArsTechnica)
2016-08-03 16:34

Google's HSTS rollout: Forced HTTPS for google.com aims to help block attacks (ZDNet)
2016-08-01 14:01

WPAD Flaws Leak HTTPS URLs (Threatpost)
2016-08-01 13:00

Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol.

Hackers Can Intercept HTTPS URLs via Proxy Attacks (SecurityWeek)
2016-07-29 10:31

New attack that cripples HTTPS crypto works on Macs, Windows, and Linux (ArsTechnica)
2016-07-26 17:46

HTTPS is not a magic bullet for Web security (ArsTechnica)
2016-07-11 12:44

HTTPS crypto is on the brink of collapse. Google has a plan to fix it (ArsTechnica)
2016-07-08 21:44