Google announced that it was making the source code for its End-to-End Chrome Extension available for review on GitHub. End-to-End encrypts and signs Gmail messages.
Browsing Category: Cryptography
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module.
Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first.
Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony.
The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS and vendors now are scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looking into whether it might affect protocols other than SSLv3. It quickly[…]
Researchers have found a way to generate GPG key collisions in just four seconds, and put out a call for GPG to harden its UX.
Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there’s no legal basis for the operation.
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create “a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.”
The U.S. Senate failed to pass the USA FREEDOM Act last night, but that should matter little to security and technology companies rolling out encryption everywhere.