FBI Director James Comey pleads with Congress to create a law that would allow law enforcement access to encrypted mobile communications on Android and Apple devices.
Browsing Category: Cryptography
Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company’s crypto efforts.
The anticipated high severity patch in OpenSSL is for a denial-of-service vulnerability in the recently released version 1.0.2 that can crash a client or server with a malformed certificate.
Researchers from Royal Holloway University in London published a paper demonstrating inexpensive ways to crack the 512-bit export-grade RSA keys vulnerable to the FREAK attack.
Yahoo CISO Alex Stamos said a preview of the company’s end to end encryption extension has been released to GitHub for review.
A variant of CryptoLocker ransomware is targeting gamers, encrypting files associated with more than 20 popular titles in exchange for a Bitcoin payment.
BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from BlackBerry says that there are no workarounds for the[…]
Apple has patched the FREAK SSL vulnerability, along with a nasty bug that could’ve allowed a remote attacker to restart a user’s iPhone via SMS, with the release of iOS 8.2. The new version of Apple’s mobile operating system contains a number of vulnerability fixes, with the FREAK patch being the most prominent among them.[…]
NCC Group Cryptography Services announced it will shortly begin an audit of OpenSSL.
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security and performance issues inherent[…]