Don’t be like LinkedIn and let your SSL certs expire, for two reasons. First, an expired cert means your website is down for most potential visitors. Second, if they can get through and you don’t implement always-on SSL connections, users can get the normal HTTP site and end up with a cookie on their computer that could compromise their data down the road. Any third party that is entrusted to manage your certs (LinkedIn uses one) should know better.
A new use for punycode domains has been discovered, this time in connection with a malware-advertising scheme that I mention below. Previously, this was a popular method to create phishing destination sites that appeared to use the same Latin characters in their domain names.
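A defender-side check for the lookalike domains described above, as an added example that is not from the original newsletter: it decodes `xn--` labels and flags names whose displayed form collides with a protected domain. The lookalike table, function names and sample domains are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small map of Cyrillic letters that render like
# Latin ones; a real deployment would use the full Unicode confusables data.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u04cf": "l"}

def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed punycode: keep the raw label
    return label

def scripts(text):
    """Scripts of the letters in text, read from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def skeleton(text):
    """Replace known lookalike characters with their Latin counterparts."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text)

def check_domain(domain, protected):
    """Classify a domain as 'lookalike', 'mixed-script', 'idn' or 'ascii'."""
    labels = [decode_label(part) for part in domain.rstrip(".").split(".")]
    shown = ".".join(labels)          # what a browser could display
    if shown.isascii():
        return "ascii"
    if skeleton(shown) in protected:  # renders like a name we care about
        return "lookalike"
    if any(len(scripts(label)) > 1 for label in labels):
        return "mixed-script"         # e.g. Latin and Cyrillic in one label
    return "idn"                      # non-ASCII, but nothing suspicious found

def to_ace(name):
    """Encode a Unicode domain to its xn-- form (used to build test samples)."""
    return ".".join(part if part.isascii()
                    else "xn--" + part.encode("punycode").decode("ascii")
                    for part in name.split("."))
```

A result of `idn` only means this small table found no collision; legitimate internationalized names land there too.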
McAfee’s annual predictions have some interesting insights and are today’s annual report of the day. The machine learning arms race, the opportunities for serverless attackers, and the ways that home automation vendors will misuse your personal data are all mentioned as top predictions.
-- David Strom, editor of Inside Security