Web Browsers

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

SSCC 186 - Just how firm is your firmware? [PODCAST]

Here's the latest episode of our weekly security podcast - from firmware and Firefox to Project Zero and Lightning conductors.

Chet and Duck are in fine fettle as usual...enjoy!

Firefox to get a "walled garden" for browser extensions, Mozilla to be sole arbiter

Mozilla has announced that its Firefox browser is heading towards signed browser extensions only.

Even if you publish your extensions "off market," you'll have to get Mozilla to sign them first.

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

Internet Explorer has a Cross Site Scripting zero-day bug

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

Google redesigns security warnings after 70% of Chrome users ignore them

You can strip jargon, but in the end, the warnings that work best are those with visual throb: pick the right colors and hide the wrong choices!

Anatomy of a browser dilemma - how HSTS 'supercookies' make you choose between privacy or security

HTTP Strict Transport Security (HSTS) is supposed to keep you more secure online, but it could be used to track you against your will.

Mark Stockley explains...

WhatsApp Web has privacy holes that could expose user photos

WhatsApp has just rolled out a new service called WhatsApp Web that allows users to sync the messaging app between their mobile devices and desktop, but the new web client has a couple of privacy pitfalls that indicate it's not really ready for its close-up.

SSCC 183 - It's Data Privacy Day! Do something! [PODCAST]

From Apple's latest OS X and iOS updates to Data Privacy Day - listen, learn and enjoy!

How the Obamacare website healthcare.gov leaks private data

HealthCare.gov, the US insurance exchange website that is a central component of Obamacare (the Affordable Care Act), is sending personal information on users to third parties including Facebook, Google, and web analytics companies.

Update Tuesday wrap-up, January 2015 - See? We didn't use the word "Patch"!

Like fingers and thumbs, not all updates are patches, even if all patches are updates.

So, here's the skinny on Update Tuesday...including the security patches, of course.

SSCC 180 - Surely zero-days come from cybercrooks, not from Silicon Valley? [PODCAST]

Enjoy the first 2015 episode of our popular weekly security podcast.

In this episode: zero-day politics, leaky security features, Bitcoin news, and a shout out to our New Year #sophospuzzle winners!

GCHQ and police team up to hunt down child abusers on the darknet

A major crackdown on child-abuse imagery includes a new law making it illegal for an adult to send a sexual communication to a child.

Patch Tuesday wrap-up, December 2014 - why "Important" can be Critical...

Adobe and Microsoft put forth their respective Patch Tuesday updates this week, bringing you their last scheduled patches of 2014.

Paul Ducklin digs in...

All PayPal accounts were 1 click away from hijacking

Until found and reported to PayPal, there was a security hole that meant 150 million-plus customers were one measly click away from account hijacking.

Browser fingerprints - the invisible cookies you can't delete

The holy grail for tracking online is a unique ID that you can't delete. It exists - it's called a browser fingerprint and it's being used in the wild.

SSCC 173 - Lest we forget [PODCAST]

Here's the latest episode of our weekly "Chet Chat" security podcast.

Chet and Duck take on the week's news in their inimitable way...enjoy!

Firefox turns 10 - celebrates by helping you to forget

The Firefox browser just turned 10.

Paul Ducklin takes a trip down memory lane...