Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there’s no legal basis for the operation.
Browsing Category: Cryptography
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create “a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.”
The U.S. Senate failed to pass the USA FREEDOM Act last night, but that should matter little to security and technology companies rolling out encryption everywhere.
Leaders at the Tor Project call for calm after an academic paper spells out how funded hackers could use NetFlow data from Cisco routers to de-anonymize Tor users.
A new coalition, Let’s Encrypt, announced today they will grant free HTTPS certificates to any site that needs one in 2015.
WhatsApp, a massively popular messaging app, recently added end-to-end encryption for some mobile clients, a move that brings a high level of security to millions of users. The change is the result of a partnership with Open Whisper Systems, the secure text and mobile OS company started by security researcher Moxie Marlinspike. Twitter acquired Open[…]
The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet’s key standards, has recommended that encryption be the default traffic option for protocols.
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site[…]
The Electronic Frontier Foundation has backed VPN provider Golden Frog’s FCC filing that accuses ISPs of stripping out STARTTLS instructions from email messages.
The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.