Featured news: Superfish, new malware warnings, universal SSL
Read Mozilla’s directions for getting Superfish out of Firefox (Feb. 27), Sophos on Superfish removal (Feb. 20), and a Fortinet Superfish FAQ (Feb. 20). ESET also has a wise piece on unwarranted panic and false positives (Feb. 20). Note: We hope we don’t ever have to write the word “Superfish” again.
Google Safe Browsing expands Chrome warnings: New warnings let users know when they’re about to visit a site known for encouraging downloads of unwanted or suspicious software. (Feb. 23)
Feedback and data-driven updates to Google’s Project Zero disclosure policy (Feb. 13)
Universal SSL: Public beta version of new CloudFlare service encrypts data from the browser to the origin for free. (Feb. 24)
Malware news + vulnerabilities
Google releases free, cloud-based web application security scanner that can help App Engine developers check for cross-site scripting and mixed content vulnerabilities. (Feb. 19)
Highlights from Internet Identity’s 2014 eCrime Trends Report (Feb. 25)
Fortinet: Decoy files used to spread CTB-Locker ransomware (Feb. 16)
Automattic (Feb. 6), Sucuri (Feb. 16), and SiteLock (Feb. 26) on a serious vulnerability affecting most versions of the Fancybox-for-WordPress plugin
SiteLock on a security flaw in the UpdraftPlus premium WordPress plugin (Feb. 17)
Sucuri: Vulnerabilities in Gravity Forms WP plugin (Feb. 26) and analytics plugin WP-Slimstat (Feb. 24)
Security news + perspectives
In case you missed it: After six years, StopBadware is shutting down its community forum. Details and recommended alternatives here.
Automattic: WordPress 4.1.1 is out! This one’s a maintenance release. (Feb. 18)
ESET on exploits: What are they, and how do they work? (Feb. 27)
DreamHost’s Mika E. talks about the virtues of open source and his experience writing plugins for WordPress. (Feb. 10)
SiteLock: How you can tell if a website is secure (Feb. 24)
Sucuri: Why websites get hacked (Feb. 26)