On Tuesday, the CEO of UK certificate reseller Trustico decided to settle an argument with Digicert executive VP Jeremy Rowley by emailing him the private keys for 23,000 TLS certificates that had been issued by Symantec's disgraced Certificate Authority, to prove they had been compromised.
Read the rest
Thailand's insane lese majeste laws make it radioactively illegal to criticize the royal family, reflecting a profound insecurity about the legitimacy of the ruling elites there that can only be satisfied through blanket censorship orders whenever one of the royals does something ridiculous, cruel or both (this happens a lot). Read the rest
A group of security researchers from academe and industry (including perennial Boing Boing favorite J Alex Halderman) have published an important paper documenting the prevalence and problems of firewalls that break secure web sessions in order to scan their contents for undesirable and malicious content. Read the rest
Secure the News periodically checks in with news-sites to see how many of them implement HTTPS -- the secure protocol that stops your ISP and people snooping on it from knowing which pages you're looking at and from tampering with them -- and what proportion of them default to HTTPS. Read the rest
An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside red triangle and the letters HTTP next to the web addresses of non-HTTPS sites. Read the rest
Samata Ullah from Cardiff faces six terrorism charges, including "preparation of terrorism..."by researching an encryption programme, developing an encrypted version of his blog site, and publishing the instructions around the use of [the] programme on his blog site." Read the rest
Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure. Read the rest