January, 2015


19.5% of HTTPS sites trigger browser warning as they use SHA-1 signed certificates

Elie

19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.


Linux Ghost Vulnerability: A GHOST in the….Linux….Wires

NopSec

Our partner Qualys discovered a new vulnerability nicknamed “GHOST” (called as such because it can be triggered by the GetHOST functions) and worked with most of the Linux operating system distributions to patch it as of January 27th 2015. The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.


Minding the Data Protection for Individuals

Spinone

Since we live in a digital world, we are so familiar with all privacy laws and their boundaries. The news is full of cautions not to be hacked, not to use easy passwords, and so on. Definitely, security is the top priority for brand companies to defend their critical data and reputation. Yet, we are more curious about whether it’s important at all for individual users to care about hackers, or any other way of losing their data.


Freedom of Expression and Privacy in Labour Disputes: Amendments to Alberta’s Personal Information Protection Act in Force

Privacy and Cybersecurity Law

Alberta’s Personal Information Protection Act (PIPA) entered 2015 with a (slightly) new look. Amendments set out in Bill 3, the […].


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Detecting the GHOST glibc Vulnerability with Unified VRM

NopSec

In the previous blog post here, we described the GHOST Linux glibc vulnerability in detail and its repercussions for the affected systems in terms of risk. NopSec Unified VRM helps identify the Linux GHOST glibc vulnerabilities in various flavors of Linux, performing authenticated scans. Furthermore, a Linux authenticated scan can be performed using SSH through username / password and certificate as well.


The Worst Passwords of 2014

Spinone

It’s time to analyze last year’s mistakes. Let’s start with redefining our privacy and security. Here is the annual list of the 25 most frequent passwords found on the Internet, appearing to be the Worst Passwords, that will expose anybody to being hacked or having their identities stolen. SplashData has released its annual list of the most common passwords compiled from more than 3.3 million leaked passwords during the year of 2014.


Canadian Privacy Compliance: Time for your Online Checkup

Privacy and Cybersecurity Law

In a previous post on online behavioural advertising (OBA), we wrote about the Office of the Privacy Commissioner’s “call to action” to stakeholders in […].