Month: September 2016

ISC updates critical DoS bug in BIND DNS software

The Internet Systems Consortium (ISC) patched two vulnerabilities in domain name system software BIND, one of which was referred to as a “critical error condition” in the software. BIND is the most commonly deployed DNS server on the internet, translating domain names into IP addresses so that users can access applications and remote servers without

0Shares
Read More
Google dev tools beef up Content Security Policy defenses

Cross-site scripting attacks – the ability to inject unauthorized scripts into web applications – is pervasive, and even though developers have plenty of tools and technologies that can detect and fix XSS flaws, the attacks still keep coming. Google’s latest developer tools, CSP Evaluator and CSP Mitigator, tackle the XSS problem from a different angle,

0Shares
Read More
Firefox blocks websites with vulnerable encryption keys

To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys. Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS  (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be

0Shares
Read More