Two days ago a user asked Google about a strange warning he was getting when trying to access Gmail from Iran. Turns out he was getting a fraudulent SSL certificate that was issued incorrectly for *.google.com by DigiNotar, a Dutch certificate authority. It seems likely this was a deliberate man-in-the-middle attack to snoop email in Iran. This attack is the second SSL certificate compromise in a year (previously), pointing to a fundamental design flaw in Internet security. [more inside]
posted by Nelson on Aug 30, 2011 - 45 comments

“When it comes to user privacy, SSL is the elephant in the room.” Meet Firesheep: a Firefox plugin that sniffs out unencrypted HTTP sessions on your network segment and lets you impersonate any of the users found. Eric Butler unveiled it today at Toorcon 12, a San Diego conference on computing security, and it demonstrates what amounts to a gaping hole in the Web security model.
posted by spitefulcrow on Oct 24, 2010 - 67 comments

Starting today, Starbucks is offering free wifi in all of their US and Canadian stores. This has computer security folks a little edgy, since it could allow hackers and computer miscreants new opportunities to steal the data of unsuspecting computer users, and prompted Steve Gibson, computer security guru, to advise people to "just be afraid. Be very afraid." This applies to people who use laptops, wifi enabled cellphones and pdas. But there are ways to protect yourself. [more inside]
posted by crunchland on Jul 1, 2010 - 93 comments

Algorithms for dumb security questions
posted by nthdegx on Nov 18, 2007 - 19 comments

Someone is watching what you post. Today I received a note from a site called InternetSeer that told me some of my posts on The {Fray} were temporarily unavailable. Too bad I never asked them to keep an eye on things for me. Who are these people are what are they doing?
posted by tommasz on Nov 21, 2003 - 29 comments

Looks like Verisign forgot to renew their UK domain name.
posted by timeistight on Sep 28, 2002 - 15 comments

Internet II a series of articles from Forbes ASAP on such things as the coming broadband revolution through private/public consortiums, security and reliability improvements, Washington sclerosis and various other interesting miscellania. (and an update on Michael Milken!) Reminds me of the heyday of Wired :)
posted by kliuless on Oct 13, 2001 - 0 comments

Gartner Group recommends that IIS users look elsewhere for a better web server.
posted by vowe on Sep 21, 2001 - 8 comments

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.
posted by ericost on May 11, 2000 - 32 comments