In the age of cyber warfare, being paranoid is the only reasonable attitude and that means, among other things, being paranoid about software updates.
A fatal flaw in TCP on Linux hijacks HTTPS connections. Here is the fix
If you are running Linux kernel 3.6 or newer, anyone in the world on a network that allows IP spoofing can hijack your encrypted communications in less than a minute, with a success rate of 90%.
Here is how to fix it.
Apple and Seagate Hacked
Over the years, Apple has dismissed some of their best technical talent. Today, it came back to bite them: the legendary electronic maker had to admit that they got hacked big-time, joining Seagate in this predicament. It made news all over the airwaves.
How to Create a Content Security Policy to Protect Your Web Application against XSRF/CSRF/XFS, Clickjacking and Other Code Injection Attacks
[Updated 2017-11-21] Are you wondering why some JavaScript code from external domains simply won’t execute on your website? The reason could be as simple as an overly restrictive Content Security Policy. This article explains how you can create a Content Security Policy that’s both protective and functional to secure your web server from cross-site request forgery (XSRF/CSRF/XFS), clickjacking and other code injection attacks.