RSS Reader for Computer Security Articles
Credit to Author: Dia Kayyali| Date: Sun, 19 Mar 2017 11:00:18 +0000
Opinion: Livestreaming can document human rights abuses, but it can carry security risks. The post Hey Activists: You Need to Think Twice Before Livestreaming Protests appeared first on WIRED.
Read More
Credit to Author: Lucian Constantin| Date: Fri, 17 Mar 2017 15:14:00 -0700
Companies that use security products to inspect HTTPS traffic might inadvertently make their users’ encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.
US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don’t mirror the security attributes of the original connections between clients and servers.
HTTPS inspection checks the encrypted traffic coming from an HTTPS site to make sure it doesn’t contain threats or malware. It’s performed by intercepting a client’s connection to an HTTPS server, establishing the connection on the client’s behalf and then re-encrypting the traffic sent to the client with a different, locally generated certificate. Products that do this essentially act as man-in-the-middle proxies.
To read this article in full or to leave a comment, please click here
Credit to Author: Andy Greenberg| Date: Wed, 15 Mar 2017 19:39:33 +0000
Web-based vulnerabilities in end-to-end messengers demonstrate why it may be safest to stick with the mobile versions of messaging apps. The post WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser appeared first on WIRED.
Read More
Credit to Author: Lucian Constantin| Date: Wed, 15 Mar 2017 07:55:00 -0700
A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos.
The vulnerability was discovered last week by researchers from Check Point Software Technologies and was patched by the WhatsApp and Telegram developers after the company privately shared the flaw’s details with them.
The web-based versions of WhatsApp and Telegram synchronize automatically with the apps installed on users’ phones. At least in the case of WhatsApp, once paired using a QR code, the phone needs to have an active internet connection for WhatsApp messages to be relayed to the browser on the computer.
To read this article in full or to leave a comment, please click here
Credit to Author: Lucian Constantin| Date: Tue, 14 Mar 2017 11:19:00 -0700
In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators’ knowledge.
A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab.
The Trojan uses programmatic methods to trick Petya to use a different encryption key than the one its original creators have embedded inside its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.
To read this article in full or to leave a comment, please click here
Credit to Author: Lucian Constantin| Date: Tue, 14 Mar 2017 05:30:00 -0700
After Edward Snowden revealed that online communications were being collected en masse by some of the world’s most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we’ve passed the tipping point.
The number of websites supporting HTTPS — HTTP over encrypted SSL/TLS connections — has skyrocketed over the past year. There are many benefits to turning on encryption, so if your website does not yet support the technology it’s time to make the move.
Recent telemetry data from Google Chrome and Mozilla Firefox shows that over 50 percent of web traffic is now encrypted, both on computers and mobile devices. Most of that traffic goes to a few large websites, but even so, it’s a jump of over 10 percentage points since a year ago.
To read this article in full or to leave a comment, please click here
Credit to Author: Kate Krauss| Date: Fri, 10 Mar 2017 15:30:43 +0000
Opinion: Journalists, and their bosses, must embrace encryption to protect themselves and their sources. The post Time for Journalists to Encrypt Everything appeared first on WIRED.
Read MoreCredit to Author: Lily Hay Newman| Date: Thu, 09 Mar 2017 12:00:36 +0000
Confide has become a favorite among political staffers looking for secrecy. Unfortunately, it lacked plenty of basic security features. The post That Encrypted Chat App the White House Liked? Full of Holes appeared first on WIRED.
Read More