Protection against the creative abuse of HSTS

HTTP Strict Transport Security (HSTS) is a security standard that allows a website to declare itself available only over secure connections, and gives browsers the information they need for the redirect. Web browsers with HSTS support also do not allow users to ignore certificate errors on servers.
Apple uses HSTS, for example, on , so every time you try to go to an unprotected address from the browser's address bar or via a link, there is an automatic redirect to . This ...

Let's Encrypt began issuing wildcard certificates

Let's Encrypt has passed an important milestone: since March 14, anyone can get a free SSL/TLS certificate of the type
. An example of an installed certificate:
announced the launch of ACMEv2 (Automated Certificate Management Environment), which finally allows you to get a wildcard certificate. Initially, it was planned to start issuing them in ...

Hidden JS-mining in the browser

On the eve of NeoQUEST we like to share stories that can indirectly help participants complete the assignments. This time we tell a completely real story about hidden JS mining in the user's browser, desperately hinting that there will be some mining to do in NeoQUEST-2018!
The topic has already come up on Habr before, but the imagination of virus writers is inexhaustible! We recently discovered a more extensive use of JS mining in the user's browser. Be vigilant, Habr user, and welcome under the cut: we will tell all about it in more detail!