Cryptography


Not So Fast on BEAST Attack Mitigations

The BEAST attacks, once thought mitigated, may again be viable because weaknesses in RC4 render the server-side mitigation moot, and because Apple is reluctant to enable the 1/n-1 split client-side mitigation by default.

UK Cryptographers Call For Outing of Deliberately Weakened Protocols, Products

A Belgian telecom company that handles some of the undersea cables that carry international voice traffic said Monday that its internal network had been compromised sometime in the last few months and malware had been planted on some of its systems. Belgacom said the attack only affected its own systems, and not those of customers, and said it has filed a complaint with the Belgian federal authorities about the incident.

Unanswered Questions on the NSA Leaks

The flood of documents regarding the NSA’s collection methods and capabilities that have been leaked this summer has produced thousands of news stories and several metric tons of speculation about what it all means. But for all of the postulating, analysis and reporting, there are still a lot of questions left unanswered in all of this. Let’s try to address some of them.


The federal government has released hundreds of pages of documents, including orders and opinions from the secretive Foreign Intelligence Surveillance Court, related to the NSA’s surveillance programs, but legislators who have been involved in the process say that there still are significant details of the agency’s email and phone collection activities that remain secret. Senators […]

UPDATE–The revelations last week in leaked NSA documents that the intelligence agency had influenced the standards process at NIST to allegedly deliberately weaken unnamed cryptographic algorithms have spurred a huge amount of speculation and discussion in the security community about the implications and consequences of the NSA’s actions. For its part, NIST is seeking to […]

If you were going to try and determine who has had a worse go of it recently, the NSA or certificate authorities, you’d likely have to just flip a coin. And the coin would probably end up balanced on its edge. While the National Security Agency is scrambling to respond to and recover from the […]

As security experts and cryptographers continue to debate and discuss the implications of the revelations of the NSA’s capabilities against various encryption protocols and systems, some of the larger Internet companies are taking steps to protect their users’ data against the new threat. Google, which has been in the middle of many of the conversations […]