ENISA urges overhaul of HTTPS | December 2011 | Derek Parkinson
ENISA has added its voice to those calling for a rethink of how we implement HTTPS. The EU agency agrees with observers who see general problems in the system, in addition to failings by Certificate Authorities (CAs) such as DigiNotar, …
2011: the year of China’s cyber spies | November 2011 | Derek Parkinson
Revelations about the extent of China’s cyber espionage activities, drawing together hackers, industry and its own Government, are the most significant security development in 2011, says Imperva. The cumulative cost of this is difficult to estimate, but could be anywhere …
Google urges EU to adopt cloud-friendly privacy regime | September 2011 | Derek Parkinson
EU adoption of cloud services is being held back by inconsistent approaches to security in the laws of member states, Google has told the European Commission. The company’s submission is part of a public consultation that will help to shape …
DigiNotar breach – roundup of evidence about extent and targets | September 2011 | Derek Parkinson
Further revelations are emerging by the day about the extent and likely targets of the attack on Certification Authority (CA) DigiNotar, following its admission last week that the Netherlands-based company suffered a breach that could put thousands of webmail accounts …
Google data reveals trends in web malware | August 2011 | Derek Parkinson
Sophisticated methods of infecting users with web malware and techniques for evading its detection are exposing shortcomings in web security, and a more holistic approach is needed for effective protection against cyber crime, according to Google. The evidence for this …
Malware in mobile apps – opening salvoes in a long war | July 2011 | Derek Parkinson
The market for mobile phone apps is the new battleground in the fight against fraud, and criminals are set to win the early skirmishes, according to evidence spotted by a wide range of security experts. The most important among these …
Firefox 4 and the state of browser security – the expert view | March 2011 | Redaction
The release in March of Firefox 4 and Microsoft’s IE9 has reignited talk of the “battle of the browsers”, sparking claims and counter-claims about the numbers downloaded within the first hours of release. It is a good time to take …
ICO looks into security black hole of home Wi-Fi | March 2011 | Redaction
Many Wi-Fi networks in the home are vulnerable to attack because users don’t know if security is enabled, will risk insecure connections, or don’t know how to adjust their security settings, research by the Information Commissioner’s Office (ICO) has revealed. …
OWASP draws up XSS battle plan | February 2011 | Redaction
Web browsers, cross-site scripting (XSS), and vendor-neutral approaches to the security of enterprise applications will be the key areas of work at the upcoming OWASP Global Summit in Lisbon. A working group on browser security will include representatives from Mozilla, …
Adobe finally ships its sandbox | November 2010 | Redaction
Last July Adobe promised to better secure its Adobe Reader, which in a few years became a prime vector of targeted attacks through hacked PDF documents. To be perfectly honest, it’s the use of JavaScript within those PDF documents that …