Understanding the SSL security breach, preparing for the next one
Electronic Frontier Foundation staff technologist Peter Eckersley has a good, in-depth analysis of the revelation that Iranian hackers acquired fraudulent SSL certificates for Google, Yahoo, Mozilla...
View ArticleMicrosoft switches off privacy for Hotmail users in war-torn and repressive...
For reasons unknown, Microsoft has changed the settings on Hotmail to disable HTTPS for users in several countries including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo,...
View ArticleClik here to view.
SSL certificate authorities put us all at risk by handing out certs for...
In the wake of the revelation that a major SSL certificate provider suffered a serious breach, Chris Palmer from the Electronic Frontier Foundation has analysis of the common practice of issuing...
View ArticleClik here to view.
Trusting unknown parties for security? Welcome to the web
At The Economist, Glenn Fleishman writes about a fundamental flaw in the industry standard security system for websites, SSL, familiar to all of us as the little lock icon that appears for 'secure'...
View ArticleClik here to view.
Twitter buys secure communications company that helped hack the Arab Spring
Twitter has bought a company called Whisper Systems, who make a secure version of the Android operating system as well as suites of privacy tools that are intended to protect demonstrators, especially...
View ArticleGoogle implements "forward secrecy" in its encrypted traffic, releases...
Google has changed its procedures to enable "forward secrecy" by default on all its search-traffic. This means that part of the key needed to decrypt the traffic is never stored, so that in the event...
View ArticleClik here to view.
Prime Suspect, or Random Acts of Keyness
The foundation of Web security rests on the notion that two very large prime numbers, numbers divisible only by themselves and 1, once multiplied together are irreducibly difficult to tease back...
View ArticleCompanies should never try to intercept their users' encrypted traffic
Lenovo's disgraceful use of Superfish to compromise its users' security is just the tip of the iceberg: everywhere we look, companies have decided that it's a good idea to sneakily subvert their...
View ArticleClik here to view.
Samsung fridges can leak your Gmail logins
Researchers at Pen Test Partners took up the challenge to hack a smart fridge at Defcon's IoT Village, and discovered that they could man-in-the-middle your Google login credentials from Samsung...
View ArticleClik here to view.
Symantec caught issuing rogue Google.com certificates
Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or...
View ArticleClik here to view.
Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for...
In September, Google caught Symantec issuing a fake google.com cryptographic certificate that could have been used to seamlessly intercept encrypted Google.com traffic. Symantec is one of the...
View ArticleClik here to view.
Not just Lenovo: Dell ships computers with self-signed root certificates
Last February, Lenovo shocked its security-conscious customers by pre-installing its own, self-signed root certificates on the machines it sold. These certificates, provided by a spyware advertising...
View ArticleClik here to view.
Let's Encrypt enters public beta: free HTTPS certificates for everyone!
Let's Encrypt is a joint project from EFF, Mozilla and others that allows anyone to create a free HTTPS certificate in minutes, this being a critical piece of infrastructure, necessary for making...
View ArticleUnderstanding the SSL security breach, preparing for the next one
Electronic Frontier Foundation staff technologist Peter Eckersley has a good, in-depth analysis of the revelation that Iranian hackers acquired fraudulent SSL certificates for Google, Yahoo, Mozilla...
View ArticleMicrosoft switches off privacy for Hotmail users in war-torn and repressive...
For reasons unknown, Microsoft has changed the settings on Hotmail to disable HTTPS for users in several countries including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo,...
View ArticleClik here to view.
SSL certificate authorities put us all at risk by handing out certs for...
In the wake of the revelation that a major SSL certificate provider suffered a serious breach, Chris Palmer from the Electronic Frontier Foundation has analysis of the common practice of issuing...
View ArticleClik here to view.
Trusting unknown parties for security? Welcome to the web
At The Economist, Glenn Fleishman writes about a fundamental flaw in the industry standard security system for websites, SSL, familiar to all of us as the little lock icon that appears for 'secure'...
View ArticleUnderstanding the SSL security breach, preparing for the next one
Electronic Frontier Foundation staff technologist Peter Eckersley has a good, in-depth analysis of the revelation that Iranian hackers acquired fraudulent SSL certificates for Google, Yahoo, Mozilla...
View ArticleMicrosoft switches off privacy for Hotmail users in war-torn and repressive...
For reasons unknown, Microsoft has changed the settings on Hotmail to disable HTTPS for users in several countries including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo,...
View ArticleSSL certificate authorities put us all at risk by handing out certs for...
In the wake of the revelation that a major SSL certificate provider suffered a serious breach, Chris Palmer from the Electronic Frontier Foundation has analysis of the common practice of issuing...
View Article
