Here’s some bad news for Android users. Security researchers have discovered 100+ more apps that fail to encrypt your login data properly, making it frightfully easy for hackers to steal your password. What’s worse: the vast majority of the app makers aren’t doing anything about it.
After security firm CrowdStrike discovered a virtual machine security flaw that could (in theory) put millions of data centers at risk for malware attack this week, the comparisons came on hot, sticky, and thick. It was Heartbleed, all over again.....but this time, even WORSE.
VPNs are great for security, but one of the big reasons many people use one is to mask or change their IP address. This lets you get around location-based restrictions on content, or check if your provider is throttling your connection. Unfortunately, a new security flaw can reveal your real IP address to prying…
So Shellshock is the newest vulnerability that may "break the internet." The last time they said that, it was about Heartbleed. Do I really need to be worried about all these bugs and vulnerabilities, or is this stuff tech companies need to care about? Can someone actually use these against me?
We've been concerned about the security of Java for a while now. There was that vulnerability that affected like a billion computers, and Apple went so far as to remove Java plugins from all OSX browsers. Now even the Department of Homeland Security is in on the act with a special message: "Yo, shut off that Java jazz
The web's full of vulnerabilities, but this exploit, which allows code to quietly yank your Mac's Address Book with Safari's AutoFill, seems bad enough that you should probably take a few seconds to disable AutoFill, just to be safe.