The disturbingly complete compromise of DigiNotar, the Dutch certificate authority, has broad ramifications for other CAs, enterprises and consumers who rely on the shaky web of trust that comprises the CA system. Here’s what you should know about the attack and what you can do to protect yourself against intrusions resulting from it.
Browsing Tag: Privacy
UPDATE: A class action lawsuit filed in U.S. District Court in Seattle, Washington, accuses Microsoft Corp. of collecting geolocation information from photos taken with phones running its Windows Phone 7 operating system, even without the user’s consent.
Mozilla has released version 6.01 of its Firefox browser, which now removes the compromised DigiNotar root certificate from the list of trusted roots. The move comes just two days after security researchers discovered that the Dutch company had issued a valid wildcard certificate for Google to an unknown third party.
The current online atmosphere, in which government-sponsored surveillance, data collection and sale by private companies and politically motivated attacks have become the norm, has spurred a renewed interest in many corners of the Internet in privacy and anonymity. The people behind The Crypto Project are working to provide some of the necessary tools for protecting communications and activities online.
When a small group of activists announced the debut of The Crypto Project earlier this year, for many, ahem, mature, security and privacy advocates it brought to mind memories of the original cypherpunk movement that began in the 1990s and that group’s seminal efforts to encourage the use of strong cryptography and anonymity online, as well as its successes and failures. The two groups are not allied by anything other than ideology, but The Crypto Project’s leaders are aiming to follow in the footsteps of the cypherpunks, build on their accomplishments and make security and privacy tools freely available to the masses.
A federal court in New York has dismissed a case in which the plaintiff claimed that a third-party advertiser had violated the Computer Fraud and Abuse Act (CFAA) by sniffing her browser history and using flash cookies, ruling that the plaintiff didn’t prove that the actions were harmful enough.
In response to work by Stanford University researchers who found that Microsoft and several other high-profile companies were using a controversial technique to keep persistent cookies on users’ PCs to track their movements, Microsoft says it has discontinued the practice of using so-called “supercookies.”
The evolution of mobile malware seems to be accelerating, especially as it applies to Android malware. The newest example of this rapid change is the appearance of GingerMaster, a variant of the DroidKungFu malware that now sports a root exploit for Android 2.3 and gives the attacker complete control of the infected device.
By B.K. DeLongWith this morning’s acquisition of Motorola Mobility, Google has made the move to bring in a solid hardware component for their Android mobility platform and fired another shot across the bow of Apple. But one big questions remains: What does this acquisition mean for those trying to better secure the Android platform for their users?
LinkedIn is responding to user complaints about its new social advertising model, which asked its 100 million users to ‘opt-out’ if they didn’t want advertisers to pair their message with content – including photographs – from users’ profiles.