Secure HTTPS web pages don't need to be decrypted to be spied on. All it takes is some man-in-the-middle proxying. For non-techies, detecting this type of snooping was all but impossible. But now, a new digital certificate fingerprinting service from Steve Gibson (famous for his Security Now podcast) lets us detect secure web pages that aren't entirely what they appear to be.
Oracle released a new version of Java less than a week ago. Yet, there are already a dozen known, un-patched bugs in this latest release (Java 7 update 17). Didn't take long. It never does.
Adobe has released updates to the Flash Player for the second time in four days.
Oracle today released updates to both Java 7 and Java 6. These updates fix a ton of security flaws and were rushed out the door because at least one flaw was being actively attacked. Anyone running Java on Windows, Linux, Solaris or OS X Lion and Mountain Lion should update as soon as possible. Apple also updated their copy of Java 6 for Snow Leopard users.
The DHS and security company Rapid7 have issued warnings about vulnerabilities in the UPnP protocol that leave millions of routers vulnerable. Rapid7 has an easy way to check if your router is vulnerable. If it is, run, don't walk, to your nearest nerd.
The river of security flaws in Java just keeps flowing. Today, January 27th, Adam Gowdiak of Security Enterprises announced that he has found yet another vulnerability. This one lets an unsigned Java program run inside a web page even when the Java 7 Update 11 security rules should prevent it.
The recently released Java 7 Update 11 changed security rules that had just been introduced last month with Update 10. Here I explain the rules for running Java programs embedded in web pages.
Oracle just released Java 7 Update 11 to fix the latest Java security flaw.
Everything you ever wanted to know about the latest Java security flaw and how to live with Java as safely as possible.
The Surface with Windows RT tablet has fallen off the radar screen.