Tracking the FREAK Attack

Tuesday, March 3rd, 2015

On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptogrpahy, which can then be decrypted. There are several posts that discuss the attack in detail: ...

Simplocker Android ransomware variant identified, tougher to decrypt files

Tuesday, February 10th, 2015

A new and improved variant of Simplocker ransomware for Android devices is currently being distributed, according to Avast. When Simplocker was first identified in June 2014, it was considered possibly the first ransomware for Android devices that encrypts files. However, the encryption key was hardcoded inside the malware and was not ...

ISPs Stripping Encryption from Personal Mails

Friday, November 14th, 2014

The Electronic Frontier Foundation (EFF), an internet freedom watchdog group, is reporting that for the past few months, some ISPs in the US and Thailand have been caught removing encryption from customers’ emails, by stripping a security flag called STARTTLS from the messages. The STARTTLS flag is an essential security and ...

Microsoft posts critical patch for huge Windows vulnerability that affects all modern machines

Tuesday, November 11th, 2014

Remember Heartbleed? You know, the exploit in SSL that was so bad it got its own brand? Microsoft may have an issue of similar scale on its hands with a critical patch issued via Windows Update today. The patch in question is MS14-066, or otherwise known as the cryptically named “Vulnerability in Schannel ...

Facebook becomes directly accessible through Tor’s anonymity network

Friday, October 31st, 2014

Facebook has made it easier to access the social network through multiple layers of encryption and without disclosing your true location, by allowing direct access as a hidden service through Tor’s anonymity-focused browser. Tor sometimes comes up against the security mechanisms of sites — such as Facebook and banking sites — that ...