January, 2015

19.5% of HTTPS sites trigger browser warning as they use SHA-1 signed certificates

Elie

19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.

Linux Ghost Vulnerability: A GHOST in the….Linux….Wires

NopSec

Our partner Qualys discovered a new vulnerability nicknamed “GHOST” (called as such because it can be triggered by the GetHOST functions) and worked with most of the Linux operating system distributions to patch it as of January 27th 2015. The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

Freedom of Expression and Privacy in Labour Disputes: Amendments to Alberta’s Personal Information Protection Act in Force

Privacy and Cybersecurity Law

Alberta’s Personal Information Protection Act (PIPA) entered 2015 with a (slightly) new look. Amendments set out in Bill 3, the […].

Minding the Data Protection for Individuals

Spinone

Since we live in a digital world, we are so familiar with all privacy laws and their boundaries. The news is full of cautions not to be hacked, not to use easy passwords, and so on. Definitely, security is the top priority for brand companies to defend their critical data and reputation. Yet, we are more curious about whether it’s important at all for individual users to care about hackers, or any other way of losing their data.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Canadian Privacy Compliance: Time for your Online Checkup

Privacy and Cybersecurity Law

In a previous post on online behavioural advertising (OBA), we wrote about the Office of the Privacy Commissioner’s “call to action” to stakeholders in […].

Detecting the GHOST glibc Vulnerability with Unified VRM

NopSec

In the previous blog post here, we described the GHOST Linux glibc vulnerability in detail and its repercussions for the affected systems in terms of risk. NopSec Unified VRM helps identify the Linux GHOST glibc vulnerabilities in various flavors of Linux, performing authenticated scans. Furthermore, Linux authenticated scans can be performed using SSH through username / password and certificate as well.

Customer Experience Case Study for Vulnerability Management

NopSec

If you haven’t read the book or watched the movie Fight Club, you may not understand this reference. “1st RULE: You do not talk about FIGHT CLUB.” One of the interesting things about working in the IT security business is that customers are very secretive about projects and generally are reluctant to publicly acknowledge any work. At NopSec we certainly can understand the need for discretion.