- Steve Gibson's Fingerprint service detects SSL man in the middle spying - 04/14/2013 11:35 AM
Secure HTTPS web pages don't need to be decrypted to be spied on. All it takes is some man-in-the-middle proxying. For non-techies, detecting this type of snooping was all but impossible. But now, a new digital certificate fingerprinting service from Steve Gibson (famous for his Security Now podcast), lets us detect secure web pages that aren't entirely what they appear to be.
- New Java from Oracle. Whoopee. Update ASAP. - 02/01/2013 04:58 PM
Oracle today released updates to both Java 7 and Java 6. These updates fix a ton of security flaws and were rushed out the door because at least one flaw was being actively attacked. Anyone running Java on Windows, Linux. Solaris or OS X Lion and Mountain Lion should update as soon as possible. Apple also updated their copy of Java 6 for Snow Leopard users.
- Check your router now, before Lex Luthor does - 01/31/2013 05:52 PM
The DHS and security company Rapid7 have issued warnings about vulnerabilities in the UPnP protocol that leave millions of routers vulnerable. Rapid7 has an easy way to check if your router is vulnerable. If it is, run, don't walk, to your nearest nerd.
- Yet another Java security flaw discovered - Number 53 - 01/27/2013 10:41 PM
The river of security flaws in Java just keeps flowing. Today, January 27th, Adam Gowdiak of Security Enterprises, announced that he has found yet another vulnerability. This one lets an unsigned Java program run inside a web page even when the Java 7 Update 11 security rules should prevent it.