All login credentials transferred over plain HTTP can easily be sniffed by an MITM attacker, but it is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your visitors – which includes you – and your web server, we will redirect all requests that are coming over plain HTTP to the HTTPS equivalent.
It is not really necessary to use HTTPS for absolutely all requests, but it makes your life much easier to just handle one scheme and redirect all plain HTTP traffic to the equivalent HTTPS resource. So please make sure you set up HTTPS for the same hostname that you use for plain HTTP. Do NOT use secure.example.com if your regular hostname is www.example.com. The only difference should be the scheme – nothing else. This will save you from a lot of headaches further down the road. Continue reading “Redirect HTTP requests to HTTPS with Nginx”
Sources report the spread of new malware via the Chrome and Facebook notification systems. What appears to be a notification instead leads to the download of an infected file.
It’s not news that hackers and cyber criminals direct their attention especially at the most popular services in order to hit as many people as possible, and few web services are as famous as Facebook. Zuckerberg’s social network has for years allowed internet users to meet and share experiences and information, and that is why it has been repeatedly targeted by cyber criminals, especially scammers, often taking advantage of the naivety of the public that writes on it. Continue reading “A new malware is spreading on Facebook via Google Chrome”
The Department of Defense expands the Hack the Pentagon program, which allows the public to find and report bugs and vulnerabilities in return for a monetary reward.
The United States Department of Defense has decided to expand the Hack the Pentagon program, which provides for public participation in a “bug hunt” with a monetary reward for those who identify and report any vulnerabilities in DoD information systems. Continue reading “Hack the Pentagon, bug hunt with a reward for the US Department of Defense”
On June 14, GitHub underwent numerous intrusion attempts by an attacker in possession of e-mail and password combinations retrieved from breaches of other online services.
On June 14, someone in possession of a list of e-mail addresses and passwords obtained from the compromise of various online services made a massive number of attempts to log in to GitHub. The security administrators checked the log of access attempts, identifying how the attacker was able to gain access to a number of accounts. Continue reading “GitHub, violated account credentials retrieved from other services”
Millions of Twitter account passwords may have been stolen and sold on the ‘dark web’. The Russian hacker who claimed to have got hold of the enormous database of Twitter account data put it up for sale at a price of 10 bitcoin.
A few days after the news of the hijacking of Mark Zuckerberg’s Twitter account, the popular social network is back in the spotlight for another case of unauthorized taking and dissemination of the personal data necessary to access it. This time, however, it is not just one user who is involved, but millions of accounts. Continue reading “Twitter: millions of passwords may have been stolen and sold”
A harmless operation like copying text from an Internet site can open the door to a cyber attack. Here’s how.
The greatest danger comes when an attack subverts one of our indisputable certainties. When we copy an element with the classic Ctrl + C, for example, we do not even ask ourselves what we actually copied to the clipboard. And why should we? Continue reading “Even copy / paste can install a virus”
A gigantic botnet has been discovered, used to redirect computer traffic and collect the advertising revenue. According to analysts, it has been active for at least two years.
Making money with advertising on the Internet is easy: just join AdSense, create your own blog, fill it with interesting content and attract millions of people. Continue reading “Scam with AdSense: a million PCs to steal clicks”