With the introduction of Google's HTTPS Strict Transport Security (HSTS) preload program, TLDs owned by the search giant will now enforce HTTPS by default.
Researchers disclosed a new method known as "ghost host," in which malware authors input false names in the HTTP host fields of a botnet's communications.
A security researcher recently discovered a software vulnerability that allows attackers to exploit the way applications respond to HTTP CONNECT requests.
An HTTPS connection may reduce the attack surface of a browser, but it really doesn't help if the website doesn't use cookie encryption.
WPAD is an easy way to grab proxy information and get browsers online. When it comes to security, however, this protocol doesn't make the grade.
It seems that SpyEye distributors are catching up with the mobile market as they have finally begun targeting the Android mobile platform.