ClickSSL Weekly InfoSec Snipper October 3, 2016

This entry is part 43 of 73 in the series Weekly Infosec Snipper

Mozilla introduced Tracking Protection for User’s Privacy

Mozilla has announced new experimental features through its Test Pilot Program out of which one feature named Tracking Protection will affect user’s privacy. Currently, this feature is available only in private browsing mode and works by blocking known sources of tracking scripts. Firefox has also enabled feedback button to let Firefox users know where the Tracking Protection fails to protect users. There are other six features also available in Tracking Protection program.

Google Chrome released CSP Evaluator and CSP Mitigator Extensions

Google has released two extensions named CSP Evaluator and CSP Mitigator that will identify weakness arise due to XSS attacks. CSP is a set that will allow developers to limit script running in a page so attackers will not be able to load malicious scripts. There are 95% websites out of one billion websites do not follow CSR policies that allow attackers to sidestep CSP protection. Google also released nonce (a temporary token) based CSP policies means that helps to deploy CSP policies. CSP Mitigator will identify scripts that do not follow nonce policies.

Mozilla will ban Chinese CAs from Issuing SHA-1 Certificates

Mozilla is going to ban Chinese CA called WoSign and Israeli CA named StarCom for violating SSL certificate issuance. Both CAs have issued SHA-1 related certificates that are not acceptable according to new norms set by CA/Browse forum. Mozilla has not banned already issued certificates but put ban on both companies for temporary time. The authority has given one-year time to pass few tests otherwise Mozilla will ban all certificates.

OVH Hosting has suffered DDoS Attack

OVH hosting company faced a severe DDoS attack with peaks of one Tbps of traffic. The founder has revealed on Twitter that last week the company had large DDoS attack. One attack was peaked at 799 Gbps of traffic out of multiple attacks that is believed to be the largest DDoS attack until now. This DDoS attack was carried out over 152000 IoT devices, which included compromised, CCTV cameras and personal video recorder.

Cheap SSL

Facebook Enable OSquery tool for Windows OS

Facebook has released OSquery (a tool that scans for malware and malicious activity on network) for Windows OS. Earlier the tool was used for Mac OS X and Linux environment. OSquery scans every computer on the infrastructure. Even, SQL based queries allow security teams and developers to check monitor lower level functions in current time. Facebook has also published official documentation , the development environment, and a single script of OSquery.

Germany banned WhatsApp and Facebook

Germany has banned WhatsApp and Facebook from collecting 35 Million user data. Facebook had promised to avoid data sharing between Facebook and WhatsApp but after that, the scenario has changed. Facebook got approval neither from the company nor from any users. The content shared on WhatsApp is encrypted and is safe from interception. The Hamburg Commissioner for Data Protection and Freedom of Information Johannes Caspar has told Facebook to delete data that is already forwarded to WhatsApp.

The USA handled over the internet control to the ICANN

Since the beginning of the internet, the USA commerce department is regulating the internet. After 47 years, the contract had come to end and from now the ICANN-a non-profitable authority (whose motto is to assign domain names and fundamental IP address) will regulate the internet. Until now, the ICANN authority was performing its task under the supervision of US agency of department of Commerce (National Telecommunications and Information Administration (NTIA).

Series Navigation<< ClickSSL Weekly InfoSec Snipper September 26, 2016ClickSSL Weekly InfoSec Snipper October 11, 2016 >>
 

We Assure to Serve

Leading Brands

ClickSSL is platinum partner of leading CAs & offering broad range of SSL certificate products.

Valued Price

You are at right place to get cheapest SSLs; our prices are up to 79% low as compared to CAs.

100% Refund Policy

If you are not satisfied, our all SSL certificates are backed by 30-day 100% money back guarantee.

24×7 Support

Our experts are always active to help you, so you will get instant solutions for your queries.