In the wake of a parade of problems with certificate authorities and attackers using stolen digital certificates, both Google and Mozilla are poised to enforce new rules in their browsers for how long end-entity certificates should be trusted.
Researchers from MIT and the Northern University of Ireland stand by their theory that information theory is the wrong foundation for cryptography and security.
Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm.
Silent Circle shut down its Silent Mail service yesterday to ward off future requests for customer data by the government.
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the crypto advances in recent years, the BREACH attack revealed at Black Hat and whether it’s time to start moving away from the RSA algorithm.
Twitter is rolling out an updated login verification system for iPhone and Android that uses a novel cryptographic scheme that is designed to be resilient against attack and ensures that the private key never leaves the user’s device. The system doesn’t rely on SMS to send codes to users for login verification, but rather on a challenge-response system in the browser.
The Black Hat conference is one of the best opportunities each year to see new and innovative research, commune with some of the smartest folks in the industry and generally get a sense of where things stand and where they’re going. This year’s conference was one of the larger in history, both in terms of number of attendees and volume of presentations, and there was a lot to see and hear. With 11 research tracks, keynotes and press conferences happening from morning till night, it was impossible to see it all, even for the most motivated and caffeinated person.
Homeland Security released an advisory on the BREACH attack, a side-channel compression attack similar to CRIME, except that it steals secrets from HTTPS responses.
Researchers at Black Hat USA 2013 made a call for usage of elliptic curve cryptography in favor of the RSA algorithm, which the experts said could be cracked in the next five years.
Google announced this week that it has begun upgrading its SSL certificates from 1024-bit keys to 2048-bit keys, a move that should help add an extra layer of security for anyone who uses the search giant’s services.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
