Web Browsers

Apple pushes out critical security fixes for OS X, iOS and Apple TV

You still can't tell when you're going to get your next update from Apple, but serious security fixes do seem to be coming more frequently these days.

Like the latest round of patches, closing a raft of hackable holes in OS X, iOS and Apple TV...

Apple patch out, Fake support bust, Liquor store leak - 60 Sec Security [VIDEO]

How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak?

Find out in 60 Second Security, the security news video that only takes a minute...

Apple updates OS X Safari - patches a year's worth of holes, but not on Snow Leopard

In all the excitement over the End of Windows XP and next Tuesday's Ultimate Update...

...we sort of forgot to write about Apple.

Here's the scoop on the latest OS X Safari browser update, patching 27 vulnerabilities.

SellHack browser plugin ceases squeezing LinkedIn for hidden email addresses

The free extension promised to "hack" LinkedIn profiles to get at what should be users' tucked-away, private email addresses. Much to LinkedIn's chagrin, it was doing just that (albeit spottily) until it got LinkedIn's cease and desist order, took the plugin offline and pledged to shape it into something that passes terms of service muster.

Firefox 28.0 takes on the PWN2OWN attacks already

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

How emails can be used to track your location and how to stop it

Chrome extension 'Streak' betrays what time you open mail and your location

A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!

Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

Patching XP, Flappy Bird malware, Tesco passwords leaked - 60 Sec Security [VIDEO]

Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?

60 Sec Security - 15 Feb 2014

Anatomy of a poisoned image: colour-coded JavaScript!

Colour-coded JavaScript?

Paul Ducklin looks into a malware writer's poisoned-image trick that tells an interesting (and, though it hurts to say it, an amusing) story of subterfuge and guile...

Google Chrome will warn you when it's been hijacked

The warning flare comes as a window for Windows users that features a "reset" button to get the browser back to factory-fresh settings.

Firefox 27 is out - Tuesday's second non-Patch-Tuesday update

Even though yesterday wasn't a Patch Tuesday, we ended up with two major browser-related updates: an unscheduled Adobe Flash patch, and an expected one: the update from Firefox 26 to Firefox 27.

Paul Ducklin takes a quick look...

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

82% of enterprise Mac users not getting security updates

Apple users are updating to OS X Mavericks in large numbers, but not fast enough. Corporate users in particular have been slow to upgrade, which could have serious security implications.

Apple updates Mavericks to 10.9.1, issues security fixes for Safari

Apple just announced the first point update for its recently released OS X Mavericks.

Most of the fixes and enhancements are of the not-really-to-do-with-security sort, but the update includes a new version of Safari, with remote code execution patches.

Gmail takes image loading out of users' hands - here's how to take it back

Gmail's automatic image viewing, and how to turn it off

Gmail's new default is to automatically display all those HTML glamour shots that marketers desperately hope we'll click on. Does this really help our privacy and security, and how can you turn it off again?

How Twitter tracks the websites you visit, and how to stop it

Last Thursday Twitter introduced promoted tweets (ads) targeted according to the websites you've visited. It seemed like a good time to explain how Twitter is doing it, how they've used a different technique to track the websites you visit for some time now, and how to turn it all off if you want to.

Microsoft Patch Tuesday - get ready to patch and reboot the lot, including Server Core

This month really is an omnibus update: all platforms are affected, from XP to 8.1 and from Server 2003 to 2012, including stripped-down Server Core installs.

It looks as though the NDPROXY.SYS kernel bug in XP might be fixed, but, then again, it might not...

FTC slapdown, no iPhone for Mr President, and Dutch banks get tough - 60 Sec Security [VIDEO]

How could the brightest flashlight leave you in the dark? Do you need to close Joel's Backdoor? Why can't the President choose his own phone? Should you update your anti-virus before you bank online?

Find out in 60 Second Security!