Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever more resistant to large-scale, passive surveillance […]
Tag Archives: Cryptography
Federal Agencies to Move to HTTPS-Only Connections
Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all of their publicly accessible Web sites […]
Toshiba Addressing Vulnerabilities in its Retail Software
Toshiba has eliminated a hard-coded cryptographic key in its CHEC software, but is dealing with an information-disclosure bug in its 4690 operating system.
Facebook Requires SHA-2 as of Oct. 1
Facebook has put developers on notice that as of Oct. 1, apps that do not support SHA-2 will no longer connect to its network.
Microsoft to Support SSH in Windows
After several false starts, Microsoft finally is planning to support SSH in Windows and the company’s engineers also will contribute to the OpenSSH project. While SSH has been a popular tool for remote login and command execution on many Unix and linux systems for years, Windows has not supported SSH by default, for a variety […]
Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug
An audit of the SSH keys associated with more than a million GitHub accounts shows that some users have weak, easily factorable keys and many more are using keys that are still vulnerable to the Debian OpenSSL bug disclosed seven years ago.
Crypto Calamity for Blockchain Android App
A poor crypto implementation in the Blockchain Android app results in lost Bitcoin for a number of affected users.
PeopleSoft Vulnerabilities Elevate ERP Security Issues
A dozen vulnerabilities, including three critical architectural issues, in PeopleSoft implementations were discussed this week at Hack in the Box, putting ERP security in the spotlight.
Head-Scratching Begins on Proposed Wassenaar Export Control Rules
Experts point out that the proposed Wassenaar rules in the U.S. leave unanswered questions regarding exploit development and the use of commercial penetration testing tools.
Security Researchers Wary of Proposed Wassenaar Rules
The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.