In what looks like the IT equivalent of the Deepwater Horizon oil spill disaster, purloined data and documents, including source code belonging to the U.S. software firm VMWare, continue to bubble up from the networks of a variety of compromised Chinese firms, according to “Hardcore Charlie,” an anonymous hacker who has claimed responsibility for the hacks.
Google has released an update for Chrome that repairs a problem when users attempt to connect to sites over HTTPS. In some instances, the browser will return an error messages that tells the user that the requested site’s server certificate is invalid even when that’s not the case.
Corporate executives and other high value employees traveling abroad need to be on guard for attempts to compromise their mobile devices, and could even have their mobile phone compromised before they even disembark the plane following their arrival, according to security researcher Justin Morehouse. A thirst for intellectual property and trade secrets, and a bugeoning market of sophisticated mobile surveillance tools means that executives need to begin thinking and acting like spies in order to avoid being spied upon themselves, according to a presentation at the OWASP AppSec DC 2012 conference in Washington DC on Thursday.
Mozilla is considering a change to the way that it handles certificates issued by externally operated sub-CAs in an effort to gain more control of how these CAs issue certificates and what those certificates can do.
The BBC reports that they were the victim of a “sophisticated cyber-attack,” which they believe is part of an ongoing Iranian campaign to disrupt the BBC Persian Service.
VIEW SLIDESHOW: Weird Science: 10 Forms of Biometric Authentication In the past twenty years, we’ve gone from using amber-tinted dumb terminals connected to refrigerator-sized mainframe computers to sleek tablet computers and smart phones tucked into our pockets. Despite those changes, one technology has stubbornly persisted: passwords. Indeed, the explosion in computing devices and Web-based services has made us more dependent on passwords than ever.
The U.S. National Security Agency (NSA) released the specifications for a new, super-secure smartphone for use by government officials and based on Google’s widely-used Android operating system, inviting the public to make use of its research.
The EFF has released a new version of its HTTPS Everywhere browser extension, and users can now turn on a feature that will send the EFF copies of digital certificates that the browser encounters, allowing the organization to look for flawed, fake or expired certificates.
A Colorado District Court Ruling to force the suspect in a fraud case to surrender the encryption key to her laptop was deemed unnecessary after federal authorities managed to circumvent the device’s encryption, Ars Technica reports.
SAN FRANCISCO– It’s been an interesting year in the cryptography world, with new attacks on several algorithms, continued problems with hash functions and the recent research on weak RSA keys. With all of that as a backdrop, some of the brightest minds in the field, gathered here for the RSA Conference, said that there are some worrying cracks showing in the cryptosystems that secure electronic communications.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
