Security – Security

Microsoft ships antivirus for macOS as Windows Defender becomes Microsoft Defender

March 21, 2019 by Peter Bright

Peter Bright

Microsoft is bringing its Windows Defender anti-malware application to macOS—and more platforms in the future—as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for…

Preventing Request Loops Using CDN-Loop

March 20, 2019 by Alex Davidson

Alex Davidson

HTTP requests typically originate with a client, and end at a web server that processes the request and returns some response. Such requests may pass through multiple proxies before they arrive at the requested resource. If one of these proxies is configured badly (for instance, back to a proxy that…

Google Project Zero, Microsoft collaborate for 12 months to find new kind of Windows bug

March 18, 2019 by Peter Bright

Peter Bright

Enlarge (credit: Marco Verch / Flickr) One of the more notable features of Google Project Zero's (GPZ) security research has been its 90-day disclosure policy. In general, vendors are given 90 days to address issues found by GPZ, after which the flaws will be publicly disclosed. But sometimes understanding a…

Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception

March 18, 2019 by Gabbi Fisher

Gabbi Fisher

The practice of HTTPS interception continues to be commonplace on the Internet. HTTPS interception has encountered scrutiny, most notably in the 2017 study “The Security Impact of HTTPS Interception” and the United States Computer Emergency Readiness Team (US-CERT) warning that the technique weakens security. In this blog post, we provide…

RFC8482 – Saying goodbye to ANY

March 15, 2019 by Marek Majkowski

Marek Majkowski

Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates the DNS ANY query type. DNS ANY was a "meta-query" - think of it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a…

Epic says its Game Store is not spying on you

March 15, 2019 by Kyle Orland

Kyle Orland

Enlarge / Despite what you may have read, Epic says this is not spyware. This week, certain corners of the gaming Internet have been abuzz with a bit of self-described "amateur analysis" suggesting some "pretty sketchy," spyware-like activity on the part of the Epic Game Store and its launcher software.…

An email marketing company left 809 million records exposed online

March 9, 2019 by WIRED

WIRED

Enlarge / (GERMANY OUT) Leerstehendes Fabrikgebäude im Bonner Stadtteil Friesdorf. Vernagelte Eingangstüre mit zerschlagenen Scheiben (Photo by JOKER / Karl-Heinz Hick/ullstein bild via Getty Images) (credit: Ullstein Bild | Getty Images) By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts…

Stopping Drupal’s SA-CORE-2019-003 Vulnerability

March 5, 2019 by Richard Sommerville

Richard Sommerville

On the 20th February 2019, Drupal announced that they had discovered a severe vulnerability and that they would be releasing a patch for it the next day. Drupal is a Content Management System used by many of our customers, which made it important that our WAF protect against the vulnerability…

The rise of tech-worker activism

March 1, 2019 by Annalee Newitz

Annalee Newitz

Video by Chris Schodt, production by Justin Wolfson. (video link) In this episode of Ars Technica Live, we spoke with Leigh Honeywell, a security engineer who has worked at several large tech companies as well as the ACLU. She's been at the forefront of worker organizing in the tech industry,…

Microsoft’s latest security service uses human intelligence, not artificial

February 28, 2019 by Peter Bright

Peter Bright

Enlarge / Microsoft security experts monitoring the world, looking for hackers. (credit: Microsoft) Microsoft has announced two new cloud services to help administrators detect and manage threats to their systems. The first, Azure Sentinel, is very much in line with other cloud services: it's dependent on machine learning to sift…

Cloudflare’s RPKI Toolkit

February 24, 2019 by Louis Poinsignon

Louis Poinsignon

A few months ago, we made a first then a second announcement about Cloudflare’s involvement in Resource Public Key Infrastructure (RPKI), and our desire to make BGP Internet routing more secure. Our mission is to build a safer Internet. We want to make it easier for network operators to deploy…

Google: Software is never going to be able to fix Spectre-type bugs

February 23, 2019 by Peter Bright

Peter Bright

Enlarge (credit: Aurich Lawson / Getty Images) Researchers from Google investigating the scope and impact of the Spectre attack have published a paper asserting that Spectre-like vulnerabilities are likely to be a continued feature of processors and, further, that software-based techniques for protecting against them will both impose a high…

Cloudflare Registrar at three months

February 22, 2019 by Sam Rhea

Sam Rhea

We announced Cloudflare Registrar in September. We launched the product by making it available in waves to our existing customers. During that time we gathered feedback and continued making improvements to the product while also adding more TLDs.Staring today, we’re excited to make Cloudflare Registrar available to all of our…

Cloudflare Access now supports RDP

February 21, 2019 by Sam Rhea

Sam Rhea

Last fall, the United States FBI warned organizations of an increase in attacks that exploit vulnerabilities in the Remote Desktop Protocol (RDP). Attackers stole sensitive data and compromised networks by taking advantage of desktops left unprotected. Like legacy VPNs, RDP configurations made work outside of the office corporate network possible…

Stop the Bots: Practical Lessons in Machine Learning

February 20, 2019 by Nikon Rasumov

Nikon Rasumov

Bot-powered credential stuffing is a scourge on the modern Internet. These attacks attempt to log into and take over a user’s account by assaulting password forms with a barrage of dictionary words and previously stolen account credentials, with the aim of performing fraudulent transactions, stealing sensitive data, and compromising personal…

1 2 3 … 10 Next »