25584484
submission
arglebargle_xiv writes:
As of about two weeks ago, Google searches carried out from Firefox are returning meta redirects that require manually clicking through every search result in order to reach your target. In doing this Google is specifically targeting Firefox and no other browser (switching your user agent to anything other than Firefox gets rid of the problem). Presumably switching to Chrome would also resolve the issue. Could this targeting of Firefox be because it's Google's main competitor in the open-source browser market?
23657972
submission
arglebargle_xiv writes:
At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more "high-profile" CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns.
23461794
submission
arglebargle_xiv writes:
Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate.
22817088
submission
arglebargle_xiv writes:
The Internet was designed around the end-to-end principle, which says that functionality should be provided by end hosts rather than in the network itself. A new study of the effect of vast numbers of middleboxes on the Internet indicates that this is no longer the case, since far too many devices on the Internet interfere with traffic in some way. This has serious implications for network (protocol) neutrality (as well as future IPv6 deployment) since only the particular variations of TCP that they know about will pass through them.
22459770
submission
arglebargle_xiv writes:
- An effective defence against phishing attacks
- Better than nothing at all
- More security theatre than the TSA
- A protection racket to keep CAs in business
21764014
submission
arglebargle_xiv writes:
In a sign that many eyes don't really make (security) bugs shallow, a thirteen-year-old password-hashing bug that affects (at least) PHP, some Linux distros (Owl, ALT Linux, SUSE), and a variety of other apps has just been patched. This problem had been present in widely-used code since 1998 without anyone noticing it.
