Web Browsers

(get it in RSS or Atom)

"Probably tired and shagged out after a long squawk" - 60 Sec Security [VIDEO]

\

Our weekly witty-but-serious video - news you can use, and it only takes a minute.

Enjoy...

SSCC 191 - Live in Ljubljana [PODCAST]

Chester is on the road again, this time to present at a conference in Slovenia.

So this episode of the Chet Chat comes to you from an al fresco café in downtown Ljubljana...

"Pwn2Own" competition pops Flash, Reader and four browsers, pays out over $550K [POLL]

Pwn2Own has become something of an institution on the North American computer security conference circuit.

Come and vote in our poll to tell us what you think of security contests like this...

Microsoft's Project Spartan browser will replace Internet Explorer - but slowly

Project Spartan

Yes, Internet Explorer is going away, eventually. But Microsoft's admission that an unnamed browser - codenamed Project Spartan - will take over as the default browser in Windows 10 led to some premature celebrations.

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

Bug. Image courtesy of Shutterstock.

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

SSCC 186 - Just how firm is your firmware? [PODCAST]

chet-chat-logo-featured-250

Here's the latest episode of our weekly security podcast - from firmware and Firefox to Project Zero and Lightning conductors.

Chet and Duck are in fine fettle as usual...enjoy!

Firefox to get a "walled garden" for browser extensions, Mozilla to be sole arbiter

Mozilla has announced that its Firefox browser is heading towards signed browser extensions only.

Even if you publish your extensions "off market," you'll have to get Mozilla to sign them first.

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

chet-chat-logo-featured-250

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

patch-tuesday-denim-250

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

\

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

Internet Explorer has a Cross Site Scripting zero-day bug

ie11-250

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

Google redesigns security warnings after 70% of Chrome users ignore them

Google redesigns security warnings after 70% of Chrome users ignore them

You can strip jargon, but in the end, the warnings that work best are those with visual throb: pick the right colors and hide the wrong choices!

Anatomy of a browser dilemma - how HSTS 'supercookies' make you choose between privacy or security

biscuit-250

HTTP Strict Transport Security (HSTS) is supposed to keep you more secure online, but it could be used to track you against your will.

Mark Stockley explains...

WhatsApp Web has privacy holes that could expose user photos

whatsapp-250

WhatsApp has just rolled out a new service called WhatsApp Web that allows users to sync the messaging app between their mobile devices and desktop, but the new web client has a couple of privacy pitfalls that indicate it's not really ready for its close-up.

SSCC 183 - It's Data Privacy Day! Do something! [PODCAST]

chet-chat-logo-featured-250

From Apple's latest OS X and iOS updates to Data Privacy Day - listen, learn and enjoy!

How the Obamacare website healthcare.gov leaks private data

mouse-stethoscope-250

HealthCare.gov, the US insurance exchange website that is a central component of Obamacare (the Affordable Care Act), is sending personal information on users to third parties including Facebook, Google, and web analytics companies.

Update Tuesday wrap-up, January 2015 - See? We didn't use the word "Patch"!

Like fingers and thumbs, not all updates are patches, even if all patches are updates.

So, here's the skinny on Update Tuesday...including the security patches, of course.

SSCC 180 - Surely zero-days come from cybercrooks, not from Silicon Valley? [PODCAST]

Enjoy the first 2015 episode of our popular weekly security podcast.

In this episode: zero-day politics, leaky security features, Bitcoin news, and a shout out to our New Year #sophospuzzle winners!

GCHQ and police team up to hunt down child abusers on the darknet

GCHQ and police teaming up to hunt down child abusers on the darknet

A major crackdown on child-abuse imagery includes a new law making it illegal for an adult to send a sexual communication to a child.

Patch Tuesday wrap-up, December 2014 - why "Important" can be Critical...

patch-tuesday-denim-250

Adobe and Microsoft put forth their respective Patch Tuesday updates this week, bringing you their last scheduled patches of 2014.

Paul Ducklin digs in...