Some of the biggest names in the web browser game — namely, Google, Microsoft and Mozilla — plan to stop accepting insecure SHA-1 certificates in 2017.
The WoT privacy breach highlights the commonplace nature of third-party data selling and frequent failure to read the fine print in user agreements.
First organized in 2005, The CA/Browser Forum is a voluntary group of certification authorities (CAs), vendors of internet browser software and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing. In...
September was another huge month for mobile security news. Headlines included new security features for Android devices and the launch of a $12,000 phone.
Google recently introduced new tools for developers to help them create a better web content security policy. Specifically, the initiatives should target cross-site scripting (XSS) vulnerabilities, which Threatpost said are the “cockroach of...
The new Google API allows a network service to obtain a hardware-backed cryptographic guarantee of the identities of a device and the user accessing it.
August saw many shifts in the mobile security landscape, including several new launches, threats and other snippets providing insight into upcoming trends.
WPAD is an easy way to grab proxy information and get browsers online. When it comes to security, however, this protocol doesn't make the grade.
A security researcher discovered that the Qualcomm-made chips at the center of Android encryption can be exploited in a sophisticated attack.
More ad providers are moving to HTML5 to prevent malvertising, but this shift alone isn't enough to deter cybercriminals from their exploits.