encryption

Three years later, Let’s Encrypt has issued over 380 million HTTPS certificates

Bon anniversaire, Let’s Encrypt! The free-to-use nonprofit was founded in 2014 in part by the Electronic Frontier Foundation and is backed by Akamai, Google, Facebook, Mozilla and more. Three years ago Friday, it issued its first certificate. Since then, the numbers have exploded. To date, more than 380 million certificates have been issued on 129 million unique domains. That also makes it the largest certificate issuer in the world, by far. Now, 75 percent of all Firefox traffic is HTTPS, according to public Firefox data — in part thanks to Let’s Encrypt. That’s a massive increase from when it was founded, when only 38 percent of website page loads were served over an HTTPS encrypted connection. “Change at that speed and scale is incredible,” a spokesperson ...

Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data

Most modern computers, even devices with disk encryption, are vulnerable to a new attack that can steal sensitive data in a matter of minutes, new research says. In new findings published Wednesday, F-Secure said that none of the existing firmware security measures in every laptop it tested “does a good enough job” of preventing data theft. F-Secure principal security consultant Olle Segerdahl told TechCrunch that the vulnerabilities put “nearly all” laptops and desktops — both Windows and Mac users — at risk. The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to prevent the data from being read. But...

Firefox now supports the newest internet security protocol

Last Friday, the Internet Engineering Task Force released the final version of TLS 1.3. This is a major update to TLS 1.2, the security protocol that secures much of the web by, among other things, providing the layer that handles the encryption of every HTTPS connection. The updated spec promises improved security and a bit more speed, thanks to the reduced need for round trips as the browser and server negotiate the security settings. And the good news is, you can already use it today, because, as Mozilla today announced, Firefox already supports the new standard out of the box. Chrome, too, started supporting the new protocol (based on earlier drafts) in version 65. TLS 1.3 has been a few years in the making and it’s been ten years since the last version launched. It’s no secret that T...

Outgoing Facebook CSO Alex Stamos will join Disrupt SF to talk cybersecurity

At Disrupt SF 2018, Facebook’s soon-to-be-former chief security officer Alex Stamos will join us to chat about his tenure in the top security role for the world’s biggest social network, how it feels to have weathered some of the biggest security and privacy scandals to ever hit the tech industry and securing U.S. elections in the 2018 midterms and beyond. Following his last day at Facebook on August 17, Stamos will transition to an academic role at Stanford, starting this September. Since March, Stamos has focused on election security at Facebook as the company tries to rid its massive platform of Russian interference and bolster it against disinformation campaigns aiming to disrupt U.S. politics. “It is critical that we as an industry live up to our collective responsibility to consider ...

What can we learn from the Dixons data breach that blew up after disclosure

European consumer electronics retailer Dixons Carphone’s apologetic admission yesterday that a 2017 data breach was in fact considerably worse than it first reported suggests disclosures of major breaches could get a bit more messy — at least under the early reign of the region’s tough new data protection framework, GDPR — as organizations scramble to comply with requirements to communicate serious breaches “without undue delay”. Although, to be clear, it’s not the regulation that’s the problem. Dixons’ handling of this particular security incident has come in for sharp criticism — and is most certainly not a textbook example of how to proceed. Dixons Carphone disclosed a breach of 5.9M payment cards and 1.2M customer records in mid June, saying it had discovered the unauthorized access to...

WhatsApp now allows group voice and video calls between up to 4 people

WhatsApp has added a much-requested new feature: it now allows users to make group voice and video calls. It’s been just over three years since the company, which is owned by Facebook, introduced voice calls, followed by a video option one year later. Today, WhatsApp counts over 1.5 billion monthly users and it says they make over two billion minutes of calls via its service each day. Starting this week, callers can now add friends by hitting the “add participant” button which appears in the top right corner of their screen. The maximum number of participants is four and, impressively, WhatsApp said the calls are end-to-end encrypted. That’s not an easy thing to do. Telegram, a self-professed secure messaging app, hasn’t even gotten around to encrypting its group messaging chats, let...

Chrome rolls out for all users ‘not secure’ markers on unencrypted pages

Google officially announced version 68 of the Chrome browser today, formalizing its plans to fulfill its past pledge to mark all unencrypted (non-HTTPS) pages as “not secure.” This move comes nearly two years after Chrome announced its slow-burning plan to promote the use of secured (HTTPS) pages across the browser. In previous updates, the browser had already begun to mark critical HTTP pages — like those that collect bank and personal information — as “not secure.” But to move toward its goal of assumed security on its browser, Chrome announced today that it plans to begin removing the “Secure” marker on HTTPS sites this September and begin marking all unencrypted sites with a red “Not secure” marker this October. Previously, according to Chrome, the number of HTTP sites across the inter...

The quantum meltdown of encryption

By Shlomi Dolev, contributor. Shlomi Dolev is the Chair Professor and founder of the Computer Science department of Ben-Gurion University of the Negev. He is the author of Self-Stabilization. Shlomi also is a cybersecurity entrepreneur and the co-founder and chief scientist of Secret Double Octopus.

The world stands at the cusp of one of the greatest breakthroughs in information technology. Huge leaps forward in all fields of computer science, from data analysis to machine learning, will result from this breakthrough. But like all of man’s technological achievements, from the combustion engine to nuclear power, harnessing quantum comes with potential dangers as well. Quantum computers have created a slew of unforeseen v...

FBI reportedly overestimated inaccessible encrypted phones by thousands

The FBI seems to have been caught fibbing again on the topic of encrypted phones. FBI director Christopher Wray estimated in December that it had almost 7,800 phones from 2017 alone that investigators were unable to access. The real number is likely less than a quarter of that, The Washington Post reports. Internal records cited by sources put the actual number of encrypted phones at perhaps 1,200 but perhaps as many as 2,000, and the FBI told the paper in a statement that “initial assessment is that programming errors resulted in significant over-counting of mobile devices reported.” Supposedly having three databases tracking the phones led to devices being counted multiple times. Such a mistake would be so elementary that it’s hard to conceive of how it would be possible. These aren’t co...

A simple solution to end the encryption debate

By David Gurle and Bill Harrington, contributors.

Criminals and terrorists, like millions of others, rely on smartphone encryption to protect the information on their mobile devices. But unlike most of us, the data on their phones could endanger lives and pose a great threat to national security. The challenge for law enforcement, and for us as a society, is how to reconcile the advantages of gaining access to the plans of dangerous individuals with the cost of opening a door to the lives of everyone else. It is the modern manifestation of the age-old conflict between privacy and security, playing out in our pockets and palms. One-size-fits-all technological solutions, like a manufacturer-built universal backdoor tool for smartphones, likely create more dangers than they prevent. Whil...

Investing in frontier technology is (and isn’t) cleantech all over again

By Shahin Farshchi, contributor.

I entered the world of venture investing a dozen years ago. Little did I know that I was embarking on a journey to master the art of balancing contradictions: building up experience and pattern recognition to identify outliers, emphasizing what’s possible over what’s actual, generating comfort and consensus around a maverick founder with a non-consensus view, seeking the comfort of proof points in startups that are still very early, and most importantly, knowing that no single lesson learned can ever be applied directly in the future as every future scenario will certainly be different. I was fortunate to start my ventur...

Russia starts blocking Telegram for failing to turn over encryption keys

The Russian state telecommunication regulator has begun blocking Telegram as expected. This comes after the messaging company refused to give Russian security services encryption keys. The service is expected to be blocked within the coming hours. According to several reports, Telegram is still operational in the country, though several service providers have started blocking the company’s website. Run by its Russian founder Pavel Durov, Telegram has over 200 million users and is a top-ten messaging service made popular by its strong stance on privacy. Telegram is recognized as an operator of information dissemination in Russia and therefore the company is required by Russian to provide keys to its encryption service to the Federal Security Service. This is so the FSS can reportedly read the...
