man in the middle

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!

Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

Ruby + OpenSSL && sprintf() == 2009-style Man-in-the-Middle?

If you have web-facing code written in Ruby, and you support SSL (which you do, right?), be sure to patch as soon as you can, to avoid falling victim to what seems very much like a four-year-old flaw...

LinkedIn flips the two-factor authentication switch

Just in time for the one-year anniversary of getting its socks knocked off in an attack that saw 6.5 million passwords swiped. Thanks: that's a good anniversary gift, LinkedIn.

Use Instagram on your iPhone? Your account can be hijacked, claims security researcher

A security researcher has published a proof-of-concept attack on Instagram for iOS that would allow malicious users to remotely hijack victims' accounts, delete or download photos, and tinker with profile details.

Android developers - just how much can we trust them to do web security properly?

Six German academics have taken on the question, "Just how well-informed are Android developers, and how much can we trust them to do web security properly?"

It seems the answer is, "Not enough."

Missing dots from email addresses opens 20GB data leak

Security researchers have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo.

The emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.