Results of the experiment “HTTPS and HSTS for ITSecurityNews.info”

I wrote 4 months ago (Aug 14) about the switch to HTTPS by default on the new site ITSecurityNews.info. A week ago I wrote about the experiment of enhancing the headers of the website to show full compatibility with HSTS. “Experiment started: HTTPS for ITSecurityNews.info”, “Moving to HSTS”. Now it is too early to say what impact HSTS has on the traffic, but we can have a look at the traffic for HTTPS. Here is the shape: The red vertical line is the point when I switched to HTTPS. There is a 10% increase in September, but…


Moving to HSTS

HTTP Strict Transport Security (HSTS) is a policy mechanism that allows a web server to enforce the use of TLS in a compliant User Agent (UA), such as a web browser. HSTS allows for a more effective implementation of TLS by ensuring all communication takes place over a secure transport layer on the client side. Most notably, HSTS mitigates variants of man-in-the-middle (MiTM) attacks where TLS can be stripped out of communications with a server, leaving a user vulnerable to further risk. HSTS has been a highly anticipated and a much needed solution to the problems of HTTP being the default protocol…


Chrome will distrust SSL certificates generated by Symantec

I reviewed the headers of my IT Security News website https://www.itsecuritynews.info/ in order to add HSTS. This is what I can see in the headers.   The certificate used to load https://www.itsecuritynews.info/ uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource. See https://g.co/chrome/symantecpkicerts for more information.   Source: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html Checking the article, I see some disturbing news:   Information For Site Operators Starting with Chrome 66, Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Chrome 66 is currently scheduled to be released…


Targeted Phishing against Strato.de

We have a lot of phishing attempts in German against Strato.de: Subject: We have detected a billing problem. Dear customer, We have detected a billing problem. This type of error usually indicates that the credit card has expired or your billing address is invalid. Click on the following link to update your information: https://www.strato.de/apps/CustomerService#/skl Kind regards ___________________________ Customer Support Strato S.p.A. www.strato.de ___________________________ Subject: You have a debt of 5,00 € Strato Customer Service BP 438 – 75366 Berlin CEDEX 08 Germaney Dear customer, You have a debt of 5,00 € An amount of 5,00 € is for the renewal…


Cybersecurity Engineering in the Automotive industry

A lot is happening in the Automotive industry these days. It has to do with connectivity, autonomous driving, autonomous parking, and so on. All these have one thing in common: they are producing extremely large amounts of data which need to be processed in the backend by very powerful computers. When we talk connectivity, we MUST talk about cybersecurity. This is why the Automotive industry has started to take this very seriously: We have the ISO/SAE AWI 21434: Road Vehicles — Cybersecurity engineering, which is in the preparation stage. We have the European Automobile Manufacturers’ Association (ACEA) who have released the “Principles of…


How to browse the web really anonymously

I’ve seen a lot of articles on the web about how to browse the web while keeping your privacy. By that I mean, nobody knows who you are, what you are browsing, no history kept, no temporary files remaining on the machine. Most of the articles on the web are created to advertise some VPN products. What is the solution? I think that the only solution is to use Tor, more specifically, the Tor Browser. The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody…


What do you do if your new flagship product sucks and you don’t want any bad reviews? (Updated)

I got convinced by some clever “reviews” to pre-order the “Amazon Fire HD-10 with Alexa”. The specs look extraordinary! 25,65 cm (10,1 Zoll) 1080p Full HD-Display, 32 GB, with Special offers. Now, what can go wrong here? Well, everything!!! The tablet has what it promises there… But there is a lot more to say about it. This device is a piece of c*** … It is a cheap tablet, which you usually get on the very same site amazon.de for about 50€-100€. And now the best of all: Amazon advertises the tablet as “better and more…


Set of online resources from AV-Comparatives.org

Here is a set of resources put together by AV-Comparatives.org : General guidelines in minimizing risks Online vulnerability starts with human vulnerability E-mail security Web navigation Safe online banking Safe online gaming Safe streaming Safe file…


How to block the Skype Ads

Since Microsoft took over Skype, only bad things are happening. Really, I hate Skype since they started to get their orders from Redmond. 🙁 One of the annoying things is the ads. Yes, these: Here is how to get rid of them: Open Control Panel, go to Network and Internet Options. If you’re in Win10, go to Settings -> Internet Options. It looks like this: Then click on “Security” and select “Restricted Sites”: Then click on “Sites” and you will see this window popping up. Add there this URL: https://apps.skype.com/ Close the window and restart Skype. …


Digital blackmailing

We are used to seeing ransomware encrypting files and requesting money (bitcoin) to decrypt them. I have now received a new email on a corporate address, which is a black-e-mail … in digital form. I have to say that the amount of thought expressed in the email is interesting. Somebody with some basic knowledge and bad English knowledge has put some info together. 🙂 Here is the plain text, so that it is easier to index: Hello. I do not want to judge anyone, but as a result of several occasions, we have point of contact from now. I do…

