#privacy Instagram Photos & Videos

privacy - 544.8k posts

    Master course in law applied to information technology and personal data protection

https://www.euroconference.it/centro_studi_forense/giuristi_specializzati_in_diritto_applicato_allinformatica?utm_source=criteo&utm_medium=displayRET&utm_campaign=retargeting #dirittoinformatica #Privacy #itlaw

    0 0 27 minutes ago
    Process management and LGPD - part 1

Implementing the LGPD is a cross-functional effort. In this post I will cover the importance of process management for implementing the Lei Geral de Proteção de Dados (General Data Protection Law). (Get the picture!) After the gap assessment stage, a Data Analysis must be carried out. It is in this phase that the business processes that handle personal data are identified.

If your company has a process management area that manages these processes, regulations, instructions, procedures and policies... it will be easier to identify which areas of the organization collect, process and store customers' personal data.

If you do not have this area structured in your organization, keep calm and get hands-on with the tools to do this mapping! (Only the processes that involve personal data; don't go mapping every process in the organization at this point!) From the processes identified, it is possible to build the inventory, classify the data, define access and create a view of the data life cycle, so as to identify the weaknesses and vulnerabilities in how each area operates, always aligned with the legal bases that support them.
#gdpr #lgpd #gestaodeprocessos #bpmn #bpm #proteçãodedados #segurancadedados #privacidade #privacy #leigeraldeproteçãodedados #compliance #dataprivacy

    0 0 1 hour ago
    Facebook admits that it listened to Messenger’s voice messages, but what is the real purpose? - #Facebook #trouble #privacy #Messenger
Link: https://unravelmalta.com/facebook-admits-that-it-listened-to-messengers-voice-messages-but-what-is-the-real-purpose/

    0 0 1 hour ago
    Edward and I are using Signal to communicate. Since Messenger and WhatsApp are owned by Mark "big brother" Zuckerberg, I think it is good to not give too much of our lives to one guy, don't you? You know now how to reach me 😎 #signal #messenger #zuckerberg #privacy #gafam

    0 0 1 hour ago
    Stop using Facebook! You know it (or maybe not), Facebook is one of those businesses that collect the most personal data (remember the Cambridge Analytica case). It collects your likes/dislikes, all your interactions and more... to better target and influence you! #facebook #personaldata #privacy #cambridgeanalytica #dataprotection #stop

    2 0 1 hour ago
    Bluetooth vulnerability could expose device data to hackers.

The vulnerability is pretty clever: instead of directly breaking the encryption, it allows hackers to force a pair of Bluetooth devices to use weaker encryption in the first place, making it far easier to crack. Each time two Bluetooth devices connect, they establish a new encryption key. If an attacker gets in between that setup process, they could potentially trick the two devices into settling on an encryption key with a relatively small number of characters. The attacker would still have to perform a brute-force attack against one of the devices to figure out the exact password, but that attack could happen in an achievable amount of time, thanks to this flaw.

It seems that most people using Bluetooth devices don’t need to be too worried, though. In order to execute this attack, a hacker would have to be present during the Bluetooth devices’ connection, block each device’s initial transmission when establishing encryption key length, and broadcast their own message, “all within a narrow time window,” says the organization behind the standard. The hacker would also have to be in range and repeat the attack every time they wanted to break in again.

Not every device is vulnerable, either. The flaw only applies to traditional Bluetooth devices (not Bluetooth Low Energy, which is frequently used in low-power devices like wearables), and some Bluetooth devices may have protection against it, if they have a hard-coded minimum password strength. The organization behind Bluetooth can’t fix the flaw, but it’ll protect against it going forward by recommending that a minimum password length be implemented on vulnerable devices.

Source: www.theverge.com

#pentest #hacking #infosec #vulnerability #security #pentesting #cybertalks 
#linux #securitytalks #informationsecurity  #cybersecurity #cyberseguridad #ciberseguridad 
#ethicalhacking #ethicalhacker #cybercrime #cyberattack #privacy #protectdata

    16 0 1 hour ago
    Loving this feature and falling for Helensvale Haus all over again 🖤 Check out the full episode @huntingforgeorge 😊
・・・
#Repost @huntingforgeorge
・・・
Yaass! Episode 13 is here! 🙌 This week we take you to the sunny Gold Coast and explore a brand new build. Designed with privacy in mind this home is a tropical sanctuary in the middle of the suburbs! Fun interiors, boys toys 🏁 indoor plants galore 🌿 and lots and lots of black 🖤 Hit the link in our bio to watch the full episode and join @lucygladewright as she checks out the very happy Helensvale Haus on the Gold Coast! Designed by @happy_haus 😊 🎥 @summer_slay

    29 1 1 hour ago
    Researchers reveal the latest lateral phishing tactics.

Researchers from Barracuda, UC Berkeley and UC San Diego have studied 180 lateral phishing incidents and have identified the following patterns organizations and individuals should be aware of:

One in 10 of the lateral phishing attacks succeed
42% don’t get reported to the organization’s IT or security team
98% of the lateral phishing incidents occurred during a weekday

You would think that most lateral phishing would take the form of refined and highly personalized messages, but in most cases that’s not true. “Across the incidents studied, our researchers found that the majority of lateral phishing attacks rely on two deceptive narratives: messages that falsely alert the user of a problem with their email account, and messages that provide a link to a fake ‘shared’ document,” Barracuda said in a recently released report.

Being aware of these tactics is one way individuals and organizations can protect themselves. Another one is to use security solutions that are geared towards spotting them. Protecting accounts with 2-factor authentication (preferably hardware-based) could also thwart most (if not all) of these attacks.

Ideally, organizations should combine all of these solutions.

Source: www.helpnetsecurity.com

#pentest #hacking #infosec #vulnerability #security #pentesting #cybertalks 
#linux #securitytalks #informationsecurity  #cybersecurity #cyberseguridad #ciberseguridad 
#ethicalhacking #ethicalhacker #cybercrime #cyberattack #privacy #protectdata

    28 0 1 hour ago
    It’s time for tighter regulation of how Facebook and Google use our data https://buff.ly/2YPEjVV #privacy

    2 0 1 hour ago
    With the growing popularity of cryptocurrency, exchanges must tighten their security to draw more investors to their platform, and how do you think they do that? 2FA is keeping their users secure, and how secure do you think this is?: https://blog.kucoin.com/crypto-exchange-security-best-2fa-apps-for-crypto-sk-ig #2FA #security #privacy #crypto #exchange

    0 0 1 hour ago
    #Repost @nytopinion
• • • • • •
Sometimes, you may need to see something to believe it. But what happens when what you’re seeing shouldn’t be believed? Enter: deepfake videos. "What really keeps me awake at night is less the technology, it's how we as a society respond to the idea that we can't trust what we see or what we hear. When anything can be fake it becomes much easier for the guilty to dismiss the truth as fake," says Claire Wardle. | ✍️ Claire Wardle 🎥 @leahvarjacques @taigejensen #privacy #misinformation #deepfakes #nytopinion

    0 0 2 hours ago
    LINK IN BIO

Drinking a good coffee while, at the counter, they advise you on how to configure your privacy? Hmm. The first Facebook Café opens on 28 August in London. Here is what it is about, and what I think of it.

@facebook #facebook #UK #privacy #17agosto

https://t.co/mtnj4Tj7vc

    6 0 2 hours ago
    THE NATIONAL SECURITY Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn't leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a "contribution to the nation’s cybersecurity community" in announcing it at RSA, it will no doubt be used far beyond the United States.

You can't use Ghidra to hack devices; it's instead a reverse-engineering platform used to take "compiled," deployed software and "decompile" it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended. "If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end," Joyce said. "Ghidra is a software reverse-engineering tool built for our internal use at NSA. We're not claiming that this is the one that’s going to be replacing everything out there—it's not. But it helped us address some things in our workflow."
#cybersecurity #infosec #computerscience #computerengineering #riskmanagement #encryption #IoT #AI #dataprotection #privacy #hacking #hacker #pentest #tech #datascience #code #coding #python #php #linux #java #webdev #programming #programmer #webdeveloper #digital #innovation #cloud #technology #security

    6 0 2 hours ago
    In many countries around the world, the words public health, speed and efficiency do not typically go hand in hand.

In Estonia 🇪🇪, a small Baltic republic of just 1.3 million inhabitants, the state has *really* taken the health and well-being of its citizens to heart.

I saw and heard things that seemed like science fiction.

And yet, was it all true?
I tell you about it in the video ▶️ In the first comment below I share some behind-the-scenes background 👇🏻
#sanità #salute #medicina #medicinaPredittiva #genomica #privacy #futuro #estonia #blockchain

    119 5 2 hours ago

Top #privacy posts

    Antivirus software from Kaspersky Lab may have given online marketers a way to track your web browsing habits. Although the company's products are designed to protect PCs from cyber threats, Kaspersky Lab chose a questionable way to prevent malicious activity on the web pages you visit. The products inject a piece of Javascript code into your internet browser, which can tell you if a website is clean or not. The same Javascript code will also tag your machine with a unique identifier that any website you visit can read.

The tech industry calls this "cross-site tracking," and many advertising networks as well as Facebook have used similar approaches involving internet cookies and plugins placed across mainstream web services to follow users from site to site. In Kaspersky's case, the company will generate a different identifier for each machine the antivirus software is installed on, and the identifier will persist, remaining permanent and can even overcome the browser's Incognito mode!

Kaspersky has now changed its process for checking web pages for malicious activity by removing the unique identifier for each machine. 
#cybersecurity #infosec #computerscience #computerengineering #riskmanagement #encryption #IoT #AI #dataprotection #privacy #hacking #hacker #pentest #tech #datascience #code #coding #python #php #linux #java #webdev #programming #programmer #webdeveloper #digital #innovation #cloud #technology #security
thecybersecurityhub.com

    2,211 12 17 hours ago
    Major breach found in biometrics system which includes fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

Researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.

The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.

The researchers said the sheer scale of the breach was alarming because the service is in 1.5m locations across the world and because, unlike passwords being leaked, when fingerprints are leaked, you can’t change your fingerprint. 
#cybersecurity #infosec #computerscience #computerengineering #riskmanagement #encryption #IoT #AI #dataprotection #privacy #hacking #hacker #pentest #tech #datascience #code #coding #python #php #linux #java #webdev #programming #programmer #webdeveloper #digital #innovation #cloud #technology #security
thecybersecurityhub.com

    1,279 8 15 August, 2019
    HTTP/2, a major revision of the HTTP network protocol used across the web is vulnerable to denial-of-service attacks.

A variety of HTTP/2 implementations are affected by several distinct resource exhaustion vectors when they attempt to handle abnormal traffic, security researchers at Netflix and Google have discovered. Any of the issues create a possible mechanism for miscreants to launch distributed denial-of-service (DDoS) attacks against servers that support HTTP/2 communication.

Several vendors have already applied patches, which websites running the supported technology are advised to apply. In the absence of an available patch, or in cases where it’s impractical to apply it promptly, users are advised to suspend support for HTTP/2, as a precaution.

None of the HTTP/2 vulnerabilities would allow an attacker to snoop on or modify information, but they do present the potential of allowing someone to crash vulnerable servers.

HTTP/2 is a step change from HTTP/1.1 that adds several features, including header compression and multiplexing of data from multiple streams.

Around 40% of the top 10 million websites support HTTP/2.

#cybersecurity #infosec #computerscience #computerengineering #riskmanagement #encryption #IoT #AI #dataprotection #privacy #hacking #hacker #pentest #tech #datascience #code #coding #python #php #linux #java #webdev #programming #programmer #webdeveloper #digital #innovation #cloud #technology #security
thecybersecurityhub.com

    1,282 4 14 August, 2019