Showing only posts tagged HTTPS. Show all posts.

Rogue WHOIS server gives researcher superpowers no one should ever have

Source

Enlarge (credit: Aurich Lawson | Getty Images) It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and …

Hackers infect users of antivirus service that delivered updates over HTTP

Source

Enlarge (credit: Getty Images) Hackers abused an antivirus service for five years in order to infect end users with malware. The attack worked because the service delivered updates over HTTP, a protocol vulnerable to attacks that corrupt or tamper with data as it travels over the Internet. The unknown …