Facebook Adds Two-Factor Authentication

Social networking giant Facebook announced on Tuesday that it was introducing a two-factor security feature that will make user accounts harder to hijack. The announcement was part of a group of security enhancements by Facebook that includes improved secure HTTP features and social reporting too...

DEBIAN-CVE-2010-3900

Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...

Zeus Trojan Now Has Hardware Licensing Scheme

The authors of the Zeus bot client, perhaps the most popular and pervasive piece of malware of its kind right now, have taken an extraordinary step to protect their creation: inserting a hardware-based licensing scheme into the Trojan. This represents a significant leap in the sophistication and...

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

security flaw

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2018-14773: Remove support for legacy and risky HTTP headers

More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...