Web servers - News, Features, and Slideshows
System administrators rushing to fix the highly publicized Heartbleed vulnerability may have introduced the flaw into unaffected websites, a security researcher says.
After only a few days, the Internet is still buzzing with news surrounding CVE-2014-0160, better known as the Heartbleed vulnerability. CSO has compiled the following information in order to help administrators and security teams understand the issue, determine their risks, and if needed, fix the problem.
In light of overall low adoption of HTTP security headers, Mozilla is advising webmasters to at least implement X-Frame-Options on their sites, arguing that this header can prevent several types of attacks.
The number of DDoS (distributed denial-of-service) attacks that target weak spots in Web applications in addition to network services has risen during the past year and attackers are using increasingly sophisticated methods to bypass defenses, according to DDoS mitigation experts.
Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.
Sign up now »
Ultimate protection for your small or medium-sized business
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.