Browsing Category: Cryptography

A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles domain name validation for certificates. As it turns out, the library[…]

Read more...

SAN FRANCISCO–Encryption is the hot new topic in security at the moment, as it has been any number of times in the last few decades. And, as in the past, the notions of key escrow, mandated legal access to encrypted systems and other ideas for helping governments defeat cryptosystems have followed right along with the latest crypto[…]

Read more...

Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive[…]

Read more...

It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and[…]

Read more...

In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department needed to go about its daily business had been encrypted[…]

Read more...

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released[…]

Read more...

Less than a week after introducing the new opportunistic encryption feature in Firefox, Mozilla has had to disable it because of a security vulnerability in the browser’s implementation of the HTTP Alternative Services specification. The bug puts a kink in the new feature, which was designed to allow clients to connect securely to a server[…]

Read more...