1 vote and 0 comments so far on Reddit

Author: Chris Lyne

What is CT? Certificate Transparency (CT) is an experimental IETF standard. The goal of CT is to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of CAs that your…

3 votes and 2 comments so far on Reddit

1 vote and 0 comments so far on Reddit

With some care, it turns out to be possible to spoof fake DNS responses using fragmented datagrams. While preparing a presentation for XS4ALL back in 2009, I found out how this could be done, but I…

Skilled hackers disabled security features of Aadhaar enrolment software, circulated hack on Whatsapp

Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities. The search engine is also a good resource for finding security and vulnerability discovery tools.

Back in the days, the word Amazon used to refer to over half of earth's rainforests. While this is still true, it isn't what most people ...

Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.

The shortage of proficient cyber operators in a world now dependent on connectivity and information has left nations scrambling to build capabilities in a vo...

Posted by Jann Horn, Google Project Zero Recently, there has been some attention around the topic of physical attacks on smartphones, wh...

by Mitja Kolsek, the 0patch Team As expected, Windows Update has just brought the official patch for CVE-2018-8440 today, a patch that w...

Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX

Learn more about update KB4457128, including improvements and fixes, any known issues, and how to get the update.

A first-hand look from the .NET engineering teams

The Keybase browser extension subverts the app's end-to-end encryption. Keybase considers that "an acceptable risk" and not worth fixing.

This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.

Here are some illustrated explanations of the main ways in which cryptographic hash functions can be attacked, and be resistant to those...

James challenged me to see if it was possible to create a polyglot JavaScript/JPEG. Doing so would allow me to bypass CSP on almost any website that hosts user-uploaded images on the same domain. I gl