Post Tagged with: "Web"

Updated: Google warns of unauthorized TLS certificates trusted by almost all OSes | Ars Technica

March 24, 2015 10:49 | 0 comments

In-brief: Google warned its users that unauthorized digital certificates have been issued for several of its domains. The certificates are linked to an intermediate certificate authority for CNNIC, which administers China’s domain name registry. Updated with comment from Kevin Bocek of Venafi. Paul 3/27/2015

Update: Superfish is the Real End of SSL

February 23, 2015 12:01 | 0 comments

In-brief: Outrage over Lenovo’s promotion of privacy-busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

December 31, 2014 10:20 | 3 comments

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections.

A Short Primer to Brute-Force Attacks

Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts within a short period of time. A volumetric attack from a single source is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching to another source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

Game Networks Struggle Back After Holiday Attacks

December 27, 2014 11:26 | 2 comments
Microsoft's Xbox service was back online following a Christmas Day denial of service attack from a group known as Lizard Squad. Sony's PlayStation Network, however, was still struggling to restore service to customers.

Online gaming networks including Sony’s PlayStation Network were the victims of large-scale denial of service attacks that coincided with the Christmas holiday. As of Saturday, Microsoft’s Xbox gaming network had returned to full operation, while Sony’s PlayStation Network was still struggling to restore service, 48 hours after attacks attributed to an online hacktivist group known as The Lizard Squad hobbled the gaming networks on their biggest day of the year: Christmas. “Update: PS4, PS3, and Vita network services are gradually coming back online – thanks for your patience,” Sony tweeted via its @AskPlayStation Twitter account early Saturday. The source of the denial of service attacks has not been confirmed. However, the group claiming responsibility for them has claimed that the attacks were more prank than anything else: an effort to irritate PlayStation and Xbox owners who received a new device on Christmas Day, only to find they couldn’t connect it to the […]
