Redirect HTTP requests to HTTPS with Nginx

All login credentials transferred over plain HTTP can easily be sniffed by an MITM attacker, but it is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your visitors – which includes you – and your web server, we will redirect all requests that are coming over plain HTTP to the HTTPS equivalent.

It is not really necessary to use HTTPS for absolutely all requests, but it makes your life much easier to just handle one scheme and redirect all plain HTTP traffic to the equivalent HTTPS resource. So please make sure you set up HTTPS for the same hostname that you use for plain HTTP. Do NOT use secure.example.com if your regular hostname is example.com or www.example.com. The only difference should be the scheme – nothing else. This will save you from a lot of headaches further down the road.

A new malware is spreading on Facebook via Google Chrome

Sources report the spread of new malware via the Chrome and Facebook notification systems. What appears to be a notification instead leads to the download of an infected file.

It’s not news that hackers and cyber-criminals direct their attention especially to the most popular services in order to hit as many people as possible, and Facebook is among the most famous web services. Zuckerberg’s social network has for years allowed internet users to meet and share experiences and information, and that is why it has been repeatedly targeted by cyber criminals, especially scammers, who often take advantage of the naivety of the public.

Hack the Pentagon, bug hunt with a reward for the US Department of Defense

The Department of Defense expands the Hack the Pentagon program, which allows the public to find and report bugs and vulnerabilities for a monetary reward.

The United States Department of Defense has decided to expand the Hack the Pentagon program, which provides for public participation in a “bug hunt” with a monetary reward for those who identify and report any vulnerabilities in DoD information systems.

GitHub: accounts compromised using credentials retrieved from other services

On June 14, GitHub was subjected to numerous intrusion attempts by an attacker in possession of e-mail and password combinations retrieved from breaches of other online services.

On June 14, someone in possession of a list of e-mail addresses and passwords obtained from the compromise of various online services made a massive number of attempts to log in to GitHub. The security administrators checked the log of access attempts and identified how the attacker was able to gain access to a number of accounts.

Twitter: millions of passwords may have been stolen and sold

Millions of Twitter account passwords may have been stolen and sold on the ‘dark web’. The Russian hacker who claims to have got hold of the enormous database of Twitter account data has put it up for sale at a price of 10 bitcoin.

A few days after the news of the hijacking of Mark Zuckerberg’s Twitter account, the popular social network is back in the spotlight for another case of unauthorized removal and dissemination of the personal data needed to access it. This time, however, it is not just one user who is involved, but millions of accounts.