Browsing tag
Short Bytes: Google had revealed its latest intentions to enhance encryption level of its domains. The same will be done by enabling HSTS encryption across various products preventing users from being redirected to unsafe links wrapped in the secure shell of HTTPS protocol. Google is quite resolute to make the web safer you. A new […]
Python’s built-in URL library (“urllib2” in 2.x and “urllib” in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. “smuggling” attacks) via the http scheme. If an attacker could convince a Python application using this library to fetch an arbitrary URL, or fetch a resource from a malicious web server, then these injections could allow […]
BugSec Group and Cynet discovered a severe vulnerability in Next Generation Firewalls. Head of Offensive Security Stas Volfus uncovered the vulnerability, code-named FireStorm, which allows an internal entity or malicious code to interact and extract data out of the organization, completely bypassing the firewall limitation. It was discovered that the firewalls are designed to permit […]
In a recent blog post, Mozilla has showed its intent to phase out the non-secure websites i.e. the HTTP. Earlier this week, Mozilla announced its plan to favor the websites who have HTTPS enabled. If this happens, the web will be divided in two parts: the HTTPS websites with full functionality and the other HTTP […]