Web Security - Infoworld http://www.infoworld.com/t/21648 en Review: 8 secure browser alternatives to Chrome, IE, and Firefox http://www.infoworld.com/d/applications/review-8-secure-browser-alternatives-chrome-ie-and-firefox-240483?source=rss_web_security <p>The Web browser has been a major infection vector for years, allowing malware to be transported to millions of computers through phishing, man-in-the-middle, SQL injection and countless other attacks. But what if there was a way to stop this madness and secure the browsing channel itself?</p> Applications Security Web Browsers Web Security IDG Insider Tue, 15 Apr 2014 10:00:00 +0000 uphan 240483 at http://www.infoworld.com Tests confirm Heartbleed bug can expose server's private key http://www.infoworld.com/d/security/tests-confirm-heartbleed-bug-can-expose-servers-private-key-240403?source=rss_web_security <p>Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.</p> <p>The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.</p> Security Data Loss Prevention Data Security Encryption Open Source Software Vulnerability Assessment Web Security Mon, 14 Apr 2014 12:00:32 +0000 admin 240403 at http://www.infoworld.com Akamai admits its OpenSSL patch was faulty, reissues keys http://www.infoworld.com/d/security/akamai-admits-its-openssl-patch-was-faulty-reissues-keys-240405?source=rss_web_security <p>Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the <a href="http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269">Heartbleed bug</a>.</p> <p>As a result, Akamai is now reissuing all SSL (Secure Sockets Layer) certificates and security keys used to create encrypted connections between its customer's websites and visitors to those sites.</p> Security Data Security Encryption Open Source Software Vulnerability Assessment Web Security Mon, 14 Apr 2014 11:45:35 +0000 admin 240405 at http://www.infoworld.com In Heartbleed's wake, Comodo cranks out fresh SSL certificates http://www.infoworld.com/d/security/in-heartbleeds-wake-comodo-cranks-out-fresh-ssl-certificates-240329?source=rss_web_security <p>Tens of thousands of new digital certificates have been issued by Comodo in the wake of the "Heartbleed" security flaw, which has put Internet users' data at risk.</p> <p>One of New Jersey-based Comodo's main business lines is issuing the digital certificates that encrypt traffic between users and a Web service, a critical shield that protects users from spying by third parties.</p> Security Encryption Hacking Open Source Software Web Security Fri, 11 Apr 2014 11:20:15 +0000 admin 240329 at http://www.infoworld.com 5 no-bull facts you need to know about Heartbleed right now http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269?source=rss_web_security <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/numbers_1_to_5.jpg" alt="5 no-bull facts you need to know about Heartbleed right now" width="243" height="182" align="right" /><br /><em><p align="right">Credit: iStockphoto</p></em></div> Open Source Software Security Encryption Hacking Internet Privacy Open Source Software Web Security Security Thu, 10 Apr 2014 18:20:10 +0000 InfoWorld Tech Watch 240269 at http://www.infoworld.com China ramps up cyber security, strives to become 'Internet power' http://www.infoworld.com/d/security/china-ramps-cyber-security-strives-become-internet-power-237372?source=rss_web_security <p>China is bolstering its efforts on cyber security with a new high-level committee that aims to turn the nation into an "Internet power," the country's official state media said Thursday.</p> <p>Chinese President Xi Jinping is leading the new government body, which held its first meeting on Thursday. Xi was quoted as stating that cyber security and information technology had become a matter of national security.</p> Networking Security Internet Federal Regulations Hacking Web Security Security Fri, 28 Feb 2014 12:04:05 +0000 admin 237372 at http://www.infoworld.com 6 lessons learned about the scariest security threats http://www.infoworld.com/d/security/6-lessons-learned-about-the-scariest-security-threats-236704?source=rss_web_security <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 192px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/lock_screen.jpg" alt="6 lessons learned about the scariest security threats" width="243" height="182" align="right" /><br /><em><p align="right">Credit: Naomi Anderson</p></em></div> Security IT Strategy Cyber Crime Data Security Hacking Malware Network Security Social Engineering Web Security Windows Security Wireless Security Security Mon, 24 Feb 2014 11:00:00 +0000 Jason Snyder 236704 at http://www.infoworld.com Google grabs Spider.io to combat ad fraud http://www.infoworld.com/t/cyber-crime/google-grabs-spiderio-combat-ad-fraud-236839?source=rss_web_security <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/Google_Scrutiny_hp.jpg" alt="Google grabs Spider.io to combat ad fraud" width="243" height="182" align="right" /></div><p>There are typically two ways to solve a technology problem: devise a solution yourself or find someone who's working on the problem and buy their expertise.</p> The Industry Standard Google M&A Cyber Crime Web Security Fri, 21 Feb 2014 15:52:56 +0000 InfoWorld Tech Watch 236839 at http://www.infoworld.com Mozilla advises webmasters to implement X-Frame-Options security header http://www.infoworld.com/d/security/mozilla-advises-webmasters-implement-x-frame-options-security-header-232579?source=rss_web_security <p>In light of overall low adoption of HTTP security headers, Mozilla is advising webmasters to at least implement X-Frame-Options on their sites, arguing that this header can prevent several types of attacks.</p> Security Mozilla Web Security Thu, 12 Dec 2013 21:53:25 +0000 admin 232579 at http://www.infoworld.com Hackers use botnet to scrape Google for vulnerable sites http://www.infoworld.com/t/hacking/hackers-use-botnet-scrape-google-vulnerable-sites-228799?source=rss_web_security <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking3.jpg" alt="Hackers use botnet to scrape Google for vulnerable sites" width="243" height="182" align="right" /></div><p>Some 35,000 sites that use vBulletin, a popular website forum package, were hacked recently by taking advantage of the presence of files left over from the program's installation process, according to security researcher <a href="http://kr Security Google Hacking Web Security Tue, 15 Oct 2013 16:26:05 +0000 InfoWorld Tech Watch 228799 at http://www.infoworld.com Malicious browser extensions pose a serious threat and defenses are lacking http://www.infoworld.com/d/security/malicious-browser-extensions-pose-serious-threat-and-defenses-are-lacking-227600?source=rss_web_security <p>Although the number of malicious browser extensions has significantly increased in the past year many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.</p> <p>Attackers have already used such extensions to perform click fraud by inserting rogue advertisements into websites or by hijacking search queries, but research has shown that this type of malware has the potential to cause much more damage.</p> Security Web Browsers Web Security Thu, 26 Sep 2013 21:33:48 +0000 admin 227600 at http://www.infoworld.com Mozilla 'Plug-n-Hack' project aims for tighter security tool integration http://www.infoworld.com/d/applications/mozilla-plug-n-hack-project-aims-tighter-security-tool-integration-225464?source=rss_web_security <p>Mozilla is developing a protocol that aims to let security tools and Web browsers work better together.</p> <p>Configuring a Web browser to work with a security tool involves writing platform and browser-specific extensions, a nontrivial process that discourages people with less experience, <a href="http://blog.mozilla.org/security/author/sbennettsmozilla-com/" target="_blank">wrote</a> Simon Bennetts, a security automation engineer with Mozilla, on Thursday.</p> Applications Security Mozilla Web Browsers Web Security Fri, 23 Aug 2013 12:12:45 +0000 admin 225464 at http://www.infoworld.com Internet Explorer 10 beats Chrome and Firefox at blocking malware downloads http://www.infoworld.com/t/web-security/internet-explorer-10-beats-chrome-and-firefox-blocking-malware-downloads-218560?source=rss_web_security <p>Internet Explorer 10 users are far less likely to suffer malware infections while Web browsing compared to users of Chrome, Safari, Firefox, and Opera, according <a href="https://www.nsslabs.com/system/files/public-report/files/2013-04%20CAR%20Browser%20Socially%20Engineered%20Malware%20130513c.pdf">to a recent independent study by NSS Labs</a>.</p> Security Anti-virus Applications Vulnerability Assessment Web Security Tue, 14 May 2013 19:43:44 +0000 InfoWorld Tech Watch 218560 at http://www.infoworld.com Mozilla and Samsung team up for Servo, a secure browser engine http://www.infoworld.com/t/web-development/mozilla-and-samsung-team-servo-secure-browser-engine-215762?source=rss_web_security <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/Browser_Security_hp.jpg" alt="Mozilla and Samsung team up for Servo, a secure browser engine" width="243" height="182" align="right" /></div><p>Mozilla and Samsung are tag-teaming on a new, highly secure Web browser engine dubbed Servo, built on Mozilla's new "safe systems" programming language called Rust. Applications Application Development Security Mozilla Samsung Web Development Web Browsers Web Security Wed, 03 Apr 2013 20:15:12 +0000 InfoWorld Tech Watch 215762 at http://www.infoworld.com The two steps to radically better security http://www.infoworld.com/d/security/the-two-steps-radically-better-security-215599?source=rss_web_security <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/18OPsecadvise_hp.jpg" alt="The two steps to radically better security" width="243" height="182" align="right" /></div><p>Here's a shocking fact I've learned from 25-plus years of security consulting: Most security projects fail to improve the safety of the organizations launching them. Security will be compromised as frequently after the project as before.</p> Security Hacking Malware Patch Management Security Management Web Security Security Tue, 02 Apr 2013 10:00:00 +0000 Roger A. Grimes 215599 at http://www.infoworld.com Apple's Java sabotage is bad IT business http://www.infoworld.com/t/systems-management/apples-java-sabotage-bad-it-business-212193?source=rss_web_security <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/Bad_Apple_hp.jpg" alt="Apple's Java sabotage is bad IT business" width="243" height="182" align="right" /></div><p>They may not be your customers, but that doesn't mean you should treat them like dirt -- or like idiots, miscreants, dolts, or any other variant of the dreaded "they."</p> Application Development Security Mac OS X IT Strategy Java Programming Systems Management Patch Management Web Security Wed, 06 Feb 2013 11:00:00 +0000 Bob Lewis 212193 at http://www.infoworld.com New bug neutralizes latest Java security updates http://www.infoworld.com/d/security/new-bug-neutralizes-latest-java-security-updates-211635?source=rss_web_security <p>Java's new security settings, designed to block drive-by browser attacks, can be bypassed by hackers, a researcher announced Sunday.</p> <p>The news came in the aftermath of several embarrassing zero-day vulnerabilities, and a <a href="http://www.computerworld.com/s/article/9236230/Oracle_s_Java_security_head_We_will_fix_Java_communicate_better" target="_blank">recent commitment by the head of Java security</a> that his team would fix bugs in the software.</p> Application Development Security Oracle Java Programming Data Security Hacking Patch Management Security Management Vulnerability Assessment Web Security Mon, 28 Jan 2013 12:49:43 +0000 admin 211635 at http://www.infoworld.com Unseen, all-out cyber war on the U.S. has begun http://www.infoworld.com/d/security/unseen-all-out-cyber-war-the-us-has-begun-211438?source=rss_web_security <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Security_RISK.jpg" alt="Unseen, all-out cyber war on the U.S. has begun" width="243" height="182" align="right" /></div><p>There's a war going on, and it's raging here at home -- not in the streets or the fields, but on the Internet. You can think of it as a war on the digital homeland.</p> Security The Industry Standard Internet Application Security Cyber Crime Hacking Network Security Vulnerability Assessment Web Security Government Mon, 28 Jan 2013 11:00:00 +0000 Galen Gruman 211438 at http://www.infoworld.com Why the Java threat rang every alarm http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-211061?source=rss_web_security <div id="tw-edit" style="background: #ffffff no-repeat center top; float: right; width: 243px; position: relative; height: 182px; padding: 8px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/java_hp.jpg" alt="Why the Java threat rang every alarm" width="243" height="182" align="right" /></div><p>If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the <a href="http://www.kb.cert.org/vuls/id/625617" target="_blank">Department of Homeland Security, no less, urged users to disable </a></p> Application Development Oracle Java Programming Hacking Security Management Security Standards Vulnerability Assessment Web Security Security Fri, 18 Jan 2013 11:00:00 +0000 InfoWorld Tech Watch 211061 at http://www.infoworld.com How to kill Java dead, dead, dead http://www.infoworld.com/t/java-programming/how-kill-java-dead-dead-dead-210860?source=rss_web_security <div id="tw-image" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/Java_hp.jpg" alt="How to kill Java dead, dead, dead" width="243" height="182" align="right" /></div><p>Once again, flaws in Java are creating big holes that hackers exploit to victimize users and, even worse, sabotage or spy on many of the computers that run key business processes at utilities, banks, hospitals, and government agencies. Enough already.</p> Application Development Microsoft Windows Mobile Technology Security The Industry Standard Microsoft Oracle Mac OS X Microsoft Windows Application Security Java Programming Web Security Tue, 15 Jan 2013 11:00:00 +0000 InfoWorld Tech Watch 210860 at http://www.infoworld.com