Homograph attacks: Don’t believe everything you see

Just as attackers are finding new, increasingly sophisticated ways to try and evade the detection techniques used by antiviruses, they are also improving their methods designed to trick the user or at least evade the main techniques that tend to be taught in standard IT security training. Despite this, we can always take another step forward to strengthen … More Homograph attacks: Don’t believe everything you see

Google to draw attention to insecure HTTP websites

Google is looking to deliver even greater transparency when it comes to online security by identifying publicly – or “marking”, as it puts it – websites that are not as secure as they should be. In a blog, Emily Schechter, a product manager within the tech giant’s Chrome security team, revealed that as of 2017, its browser … More Google to draw attention to insecure HTTP websites

One-third of HTTPS websites left vulnerable to DROWN attack

A new vulnerability could leave as many as one-third of HTTPS websites open to decryption, meaning that sensitive data including usernames, passwords and credit card numbers could be at risk. The vulnerability has been dubbed DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) and affects servers using an SSLv2 certificate. The website for DROWN states that as many as 33% of sites … More One-third of HTTPS websites left vulnerable to DROWN attack