Troy Hunt

JULY 31, 2018

We're already seeing some sites on the Day 1 list go HTTPS (although frankly, if the site is that large and they've done it that quickly then I doubt it's because of our list), and really, that's the best possible outcome of this project - seeing websites drop off because an insecure request is now redirected to a secure one. So what gives?

IT 50

IT Security Insurance Risk 50

Troy Hunt

MAY 1, 2018

Edge now joins the other major browsers in rejecting any script which doesn't hash down to the value specified in the integrity tag. I talk about this in detail in my 6-step happy path to HTTPS so I'll give you just a quick recap here.

IT 49

IT Security Government 49

Troy Hunt

AUGUST 3, 2022

This made adding HTTPS to any website easy (and free), added heaps of really neat WAF functionality and empowered us to do cool things with caching. But this was all in-transit coolness whilst the app logic, data and vast bulk of the codebase sat at that origin site.

Passwords 145

Passwords IT 145

Security Affairs

JULY 9, 2019

The implementation of this feature leverages a local web server listening on port 19421 that could receive without necessary authorization commands through the HTTPS GET paraments. All the attacker need to do is to create an invite link through his account on the Zoom website and embed it on a website as an image tag or using an iFrame.

Phishing 75

Phishing Communications Cloud Cybersecurity 75

Troy Hunt

APRIL 19, 2018

Me: Ok, but be conscious that means they can never change those scripts without you first modifying the integrity attribute on your script tags and you need time to push that out so as not to break the site. It'll take your HTTP requests and automatically turn them into HTTPS ones. Me: HSTS is awesome, but it's different.

Security 47

Security IT 47

Troy Hunt

OCTOBER 28, 2020

I assumed Baidu got the lion's share of the votes by virtue of the HTTP address not being served over the secure scheme, even though HTTPS has got absolutely nothing to do with the trustworthiness of the contents of a website. — Bartek ?wierczy?ski

Phishing 144

Phishing Passwords Education IT 144

Troy Hunt

SEPTEMBER 26, 2018

No HTML tags. Scott Helme put me onto this originally via his two excellent posts on Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1 Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog. That is all. No tracking.

Analytics 109

Analytics Risk IT Security 109

ForAllSecure

MARCH 29, 2023

An attacker can craft a malicious query that includes a script tag with JavaScript code that steals the user's session token, allowing the attacker to impersonate the user and perform actions on their behalf. API-based XSS attacks involve exploiting vulnerabilities in the APIs used by web applications to fetch and display data.

Security 40

Security Authentication Passwords Encryption 40

Troy Hunt

JULY 23, 2018

Make sure your site redirects to #HTTPS , so you don’t have the same problem. After all the advanced warnings combined with all we know to be bad about serving even static sites over HTTP , what sort of sites are left that are neglecting such a fundamental security and privacy basic? Cloudflare makes it easy! Who are these people?!

Security 66

Security IT Government Communications 66

ChiefTech

JUNE 12, 2007

Technorati tags: Mashing , Spreadsheets , EditGrid , Web 2.0 , Web Office 2.0 Take a look at https://www.editgrid.com/article/tour/mdf and see if it fits your need! So, which approach is likely to win in terms of providing mashing capabilities for the average user - drag and drop GUI or a next generation Web 2.0 era spreadsheet?

Paper 40

Paper Archiving IT 40

Troy Hunt

NOVEMBER 2, 2017

Let's extend that into the digital world and we'll talk about HTTPS for a bit. Not everyone was happy about this because hey, HTTPS is hard, right? His rationale was that because a site he worked on had some shoddy code and a nefarious party managed to modify the site yet the padlock remained , HTTPS is useless. Wrong again!

Passwords 81

Passwords Security IT 81

ChiefTech

NOVEMBER 8, 2007

Pipes too! :-) Technorati tags: RSS , Enterprise Web 2.0 , RSS Server , Attensa , Yahoo! We take the ability to transport email between organisations for granted and I think we need RSS to have the same abilities. I know the Attensa guys drop by occasionally, so hopefully this might give them food for thought.

Communications 40

Communications Encryption Authentication Mining 40

Troy Hunt

JANUARY 10, 2018

But as I've written before, there's a lot more to HTTPS than simply redirecting all the traffic ). Insecure Links to Resources That Redirect to HTTPS. This is another one of those nuances to watch out for when implementing HTTPS. That second request is shown to the left of the screen after the first one.

Security 111

Security Government Encryption Risk 111

ChiefTech

NOVEMBER 12, 2007

We believe the market is much broader than Gartner is allowing, encompassing content relevancy, discovery, and surfacing (what you need, when you need it, and in an app that can use it), user profile data, user initiated action, such as sharing and tagging, coupled with user generated content. " What do you think?

Computer and Electronics 40

Computer and Electronics Marketing IT Paper 40

eSecurity Planet

JANUARY 30, 2024

Prioritize HTTPS: Use HTTPS over HTTP and block unneeded ports. Use IAM tools: Use third-party tools to scan Identity and Access Management (IAM) policies. Review IaC: Ask team members to examine Infrastructure as Code (IaC) files. Make the default data storage settings private.

Cloud 110

Cloud Risk Security Encryption 110

Imperial Violet

SEPTEMBER 22, 2022

Nothing in WebAuthn works outside of a secure context , so if you’re not using HTTPS, go fix that first. Just adding the webauthn tag doesn’t do anything if there’s not a pending promise for the browser to resolve.) is a reasonable place, with the passkey tag. So create a table for them: CREATE TABLE passkeys (. StackOverflow.

Passwords 129

Passwords Authentication Libraries IT 129

Adapture

MAY 18, 2021

Using HTTPS. Many phishing sites now use HTTPS as a way of winning the trust and confidence of end users, many of whom sweepingly associate HTTPS with ‘safety’. It’s also a way of circumventing the ‘insecure’ labels popular browsers now tag HTTP sites with. The real danger in a phishing attack.

Phishing 52

Phishing Personal data Systems administration Ransomware 52

Security Affairs

APRIL 10, 2019

HTTPS Inspection. Custom tags. Yomi: The Malware Hunter” is not only a freely available automated analysis tool, it’s designed to engage the community and leverage hunter’s experience, enabling them to tag the submitted samples with names, families and contextual enrichments only a human analyst can afford.

Encryption 90

Encryption Security Archiving Communications 90