SSL


Amazon Kindle Fire's Silk browser sounds privacy alarm bells


Amazon announced their new Kindle Fire tablet today, including a new accelerated web browser Silk. Can making the web faster threaten our privacy?

SSL authenticity evolution


After attending the annual GrrCON in Grand Rapids, Michigan I thought I would share my thoughts on the keynote address delivered by Moxie Marlinspike. Moxie detailed the problems with the existing certificate authority system and proposed his ideas for a solution.

Secure web browsing cracked by BEAST


A pair of researchers have unveiled a serious new attack on web browser security.

The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.

Apple fakery, DNS hack, DigiNotar, Linux, Wikileaks - 60 Sec Security


Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month.

So here you go. 60 Second Security, once every two weeks.

GlobalSign gives itself clean bill of health after Iranian hacker's braggadocio


Digital certificate authority GlobalSign rather gutsily suspended certificate issuance last week following a burst of online braggadocio from an Iranian hacker claiming to have "owned" the company.

GlobalSign is back. It looks like the self-promoting hacker was nothing more than that.

GlobalSign stops issuing SSL certificates in response to Iranian hacker


Digital certificate authority GlobalSign, the fifth largest issuer of SSL certificates, ceased signing new certificates today after an Iranian hacker claimed to have compromised it.

Operation Black Tulip: Fox-IT's report on the DigiNotar breach


A preliminary report was released today by Fox-IT, the security team investigating the attack against certificate authority DigiNotar. Many interesting details are included about the hack, including more indications that it primarily affected Iranian users.

SSL certificate debacle includes CIA, MI6, Mossad and Tor


Over 500 fraudulently issued certificates have now been identified, and browser makers are permanently removing DigiNotar as a trusted certificate authority. The list of targeted organisations is far-reaching, including the CIA and MI6.

Google blacklists 247 certificates. Is it related to DigiNotar hacking incident?


Google has blacklisted over 200 certificates seemingly related to the DigiNotar hacking incident. What is the full extent of this breach, and who else may have been targeted?

Falsely issued Google SSL certificate in the wild for more than 5 weeks


A rogue certificate was found in the wild more than a month after it was issued, allowing whoever held it to masquerade as SSL-enabled Google services. Where did this certificate come from, who was using it, and what can you do to protect yourself?

Twitter starts rolling out HTTPS by default - good news for security and Ashton Kutcher


In a step which will be welcomed by its security-conscious users, Twitter has announced that it is beginning to turn on HTTPS by default.

Why is this important? Just ask Ashton Kutcher.

DEFCON 2011: SSL and the future of authenticity


Moxie Marlinspike proposed a solution to the ongoing trust problems in the SSL certificate authority system. Marlinspike's solution, Convergence, uses a set of independent notaries to provide a framework for detecting man-in-the-middle attacks, eliminating the need to purchase digital certificates from, or otherwise rely on, certificate authorities.
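The notary comparison that Convergence builds on, as an added illustration (my own Python, not Marlinspike's code; the certificate bytes, the notary names and the "majority"/"consensus" policies are constructed assumptions): the client fingerprints the certificate it was handed and asks notaries at other network vantage points what they were handed for the same host. A rogue certificate used by an attacker sitting between the client and the site shows up as a disagreement; the last scenario shows the scheme's limit when the attacker sits in front of the site itself.

```python
import hashlib
from typing import Dict, Optional

# Constructed stand-ins for the DER bytes of two different certificates for
# the same hostname: the one the site really uses and one minted by an
# attacker (e.g. with a fraudulently issued CA signature). Assumed data.
GENUINE_CERT = b"constructed DER: CN=www.example.com, genuine key"
ATTACKER_CERT = b"constructed DER: CN=www.example.com, attacker key"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate, the value the notaries compare."""
    return hashlib.sha256(cert_der).hexdigest()


def evaluate(client_fp: str, notary_views: Dict[str, Optional[str]],
             policy: str = "majority") -> bool:
    """Decide whether the client should trust the certificate it received.

    notary_views maps notary name -> fingerprint that notary saw when it
    fetched the site's certificate from its own network location, or None
    if the notary could not be reached. Two policies are modelled (assumed):
      majority  - more than half of the responding notaries agree with the client
      consensus - every responding notary agrees with the client
    """
    responded = [fp for fp in notary_views.values() if fp is not None]
    if not responded:
        return False  # fail closed: no independent vantage point at all
    agree = sum(1 for fp in responded if fp == client_fp)
    if policy == "majority":
        return agree * 2 > len(responded)
    if policy == "consensus":
        return agree == len(responded)
    raise ValueError(f"unknown policy {policy!r}")


def check_site(client_cert: bytes, notary_certs: Dict[str, Optional[bytes]],
               policy: str = "majority") -> bool:
    """Fingerprint what the client and each notary saw, then apply the policy."""
    views = {name: (fingerprint(c) if c is not None else None)
             for name, c in notary_certs.items()}
    return evaluate(fingerprint(client_cert), views, policy)


# Constructed scenarios: (certificate the client received, what each of three
# notaries received for the same hostname from their own vantage points).
SCENARIOS = {
    # Nothing wrong: everybody sees the genuine certificate.
    "clean": (GENUINE_CERT,
              {"n1": GENUINE_CERT, "n2": GENUINE_CERT, "n3": GENUINE_CERT}),
    # Attacker sits between the client and the site with a rogue certificate;
    # notaries elsewhere on the internet still see the real one.
    "mitm_near_client": (ATTACKER_CERT,
                         {"n1": GENUINE_CERT, "n2": GENUINE_CERT, "n3": GENUINE_CERT}),
    # Same, but the attacker also controls one of the notaries.
    "mitm_plus_one_bad_notary": (ATTACKER_CERT,
                                 {"n1": ATTACKER_CERT, "n2": GENUINE_CERT, "n3": GENUINE_CERT}),
    # One notary is unreachable; the rest agree with the client.
    "one_notary_down": (GENUINE_CERT,
                        {"n1": GENUINE_CERT, "n2": None, "n3": GENUINE_CERT}),
    # The client is fine but one notary is lied to (or is itself malicious).
    "one_notary_disagrees": (GENUINE_CERT,
                             {"n1": GENUINE_CERT, "n2": ATTACKER_CERT, "n3": GENUINE_CERT}),
    # Limit of the scheme: the attacker intercepts every path to the site, so
    # the notaries cannot tell the rogue certificate from a legitimate change.
    "mitm_near_server": (ATTACKER_CERT,
                         {"n1": ATTACKER_CERT, "n2": ATTACKER_CERT, "n3": ATTACKER_CERT}),
}


def run_scenarios(policy: str = "majority") -> Dict[str, bool]:
    """Return the trust decision for every scenario under one policy."""
    return {name: check_site(client, notaries, policy)
            for name, (client, notaries) in SCENARIOS.items()}


if __name__ == "__main__":
    for policy in ("majority", "consensus"):
        print(policy)
        for name, ok in run_scenarios(policy).items():
            print(f"  {name:26s} {'TRUST' if ok else 'REJECT'}")
```

Two points the scenarios make concrete: a client with no reachable notary must fail closed, because with nothing to compare against a single vantage point is no better than blind trust; and the "consensus" policy is stricter but turns one lying or mis-served notary into a denial of service, which is why the choice of policy and of notaries is left to the user.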

SSCC 70 - Patch Tuesday, insulin pump hacking, Android patching, ChromeOS hacking, archiving our digital past


Vanja Svajcer joins Chester Wisniewski to discuss the papers and demos they attended at last week's Black Hat and DEFCON conferences. Topics covered include Android patch cycles, fixing the SSL CA problem, insulin pump hacking, Google ChromeOS flaws and archiving our digital past.

Unpatched iPhones/iPads secure connections not so secure


All unpatched iPhones, iPads and iPod Touches can be snooped on, exposing usernames, passwords and even sensitive financial data, using freely available tools. Patch now!

Groupon subsidiary leaks 300K logins, fixes fail, fails again


SoSasta, the Indian subsidiary of digital discount kings Groupon, leaked 300,000 usernames and plaintext passwords.

They've now closed the leak. But is the problem really fixed?

An open letter to Facebook about safety and privacy


Dear Facebook,

As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.

SSCC 55 - More SSL CA problems, RSA update and Chrome blocking more dangerous content


Tony Ross joins Chester Wisniewski this week to discuss the latest news on SSL Certificate Authorities ignoring signing guidelines. They also talk about the RSA breach, the Epsilon email leakage, Chrome adding malicious download filtering and more.

EFF uncovers further evidence of SSL CA bad behavior


The Electronic Frontier Foundation has published a report showing the SSL certificate industry has been ignoring policies and signing tens of thousands of invalid certificates.

SSCC 54 - Firefox, MySQL hacked, Comodo and Facebook


Michael Argast joins Chet for a HUGE Chet Chat this week. They primarily cover Facebook's new SSL/anti-likejacking, Comodo SSL hack, Firefox 4 and the SQL injection attacks against MySQL and Sun/Oracle. Extra: Don't miss the blooper of Chet mistakenly calling this Chet Chat 55... That's next week.

Comodo hacker outs himself, claims "no relation to Iranian Cyber Army"


An Iranian hacker has claimed responsibility for the recent security breach at Comodo SSL. Aside from his delusional ramblings, it appears he may in fact be the hacker who compromised their systems, and he reveals how easy the task really was.