Condemnation mounts against ISP that sabotaged users’ e-mail encryption

Digital rights advocates are doubling down on their criticism of a US-based ISP suspected of performing encryption downgrade attacks that caused customers' e-mail to remain in plaintext as it passed over the Internet.

Lollipop or lockdown? What a secure mobile OS means for BYOD

Out of the box, both iOS 8 and Android Lollipop (Android L) both have encryption turned on by default. The development has already caused a mild panic in intelligence circles, with the FBI saying it will make cyber investigations much more difficult. On the other hand, encryption from the start will make it easier for enterprise managers to ensure secure data on users’ phones, particularly if they use their own phone for business purposes.

SSWL remains security weakness despite latest reinforcements

...despite the moniker, SSL is sometimes not that secure. One particular and apparently growing problem is with improper SSL validation. That was the focus of the GoTo bug discovered early this year (and since patched) in Apple’s iOS and Mac OS X. The vulnerability opened up users of those systems to so-called man-in-the-middle (MITM) attacks, in which those with a “trusted” certificate can insert themselves into a communication stream between systems and read its contents.

Cryptolocker flogged on YouTube

The researchers made the discovery while monitoring YouTube and website banners for instances where malware writers had actually purchased space to foist their wares on unpatched web users.

Google To Reward Web Sites That Boost Security

Google wants Web sites to become more secure and said Wednesday it will do its part by motivating organizations to build stronger encryption for their sites. The company is giving a pretty significant incentive: it will reward those who do so by ranking them higher than sites lacking the added support to Transport Layer Security, also known as HTTPS encryption. Another way to look at it is Google will punish those who lack the extra encryption.

Boosting Your Online Privacy: 10 Best Practices

Privacy has become a topic of much debate in the technology industry since Edward Snowden last year leaked documents to the press showing how pervasive is the federal government's collection of data on U.S. and foreign citizens. The government was also conducting a wide-ranging cyber-spying campaign targeting foreign officials and private citizens around the world. Since then, there have been regular reports about how companies analyze Web traffic and email messages to try to discern what people are saying, thinking and buying. 

Cyber Security Tips Newsletter: Cyber Security and Your Summer Vacation

The summer vacation season is underway and for many of us that means lounging on sunny beaches, reading a book under a shade tree or hitting the road for a new adventure. It  can also mean identity theft and other crimes if we aren’t careful about our online activities and protecting our information. Cyber crime does not take a summer vacation; we need to remain vigilant. Fortunately, by following some best practices, we can minimize the risk of becoming the next statistic. 

Massachusetts high court orders suspect to decrypt his computers

The Massachusetts Supreme Judicial Court (MSJC) ruling only applies to the state. Various other courts at the state and federal level have disagreed as to whether being forced to type in a decryption password is a violation of the Fifth Amendment right to protect against self-incrimination and its state equivalents (such as Article Twelve of the Massachusetts Declaration of Rights). 

Safely Storing User Passwords: Hashing vs. Encrypting

Securing user information begins with a proper understanding of security controls and the protection of user passwords using modern hashing algorithms. Here's a quick review of the fundamentals.

Google Adds Chrome Encryption Option For Webmail

Google is now offering a plug-in called End-to-End for the Chrome browser -- in alpha test -- that lets users encrypt their web email messages. The new End-to-End Chrome extension encrypts, decrypts, digitally signs, and verifies signed messages within the browser using OpenPGP. Google has released the source code for the alpha version of the plug-in, which is built on a new JavaScript-based crypto library.

Syndicate content