Cryptography

The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet’s key standards, has recommended that encryption be the default traffic option for protocols.

Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks. Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site […]

The Electronic Frontier Foundation has backed VPN provider Golden Frog’s FCC filing that accuses ISPs of stripping out STARTTLS instructions from email messages.

The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.

LAS VEGAS–One of the longest running jokes in the security industry is that each coming year finally will be The Year of PKI. While that one huge year never materialized, the use of PKI and digital certificates has become an integral part of how the Internet works today. But there are some challenges on the horizon […]

Dennis Fisher and DigiCert’s Jeremy Rowley discuss the company’s certificate issuance for Facebook’s .onion site, the challenge of key protection in today’s environment and what the near future holds for PKI.

When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it’s typically deployed, before deciding whether to share the new bug. The agency shares most of the bugs […]