https / Boing Boing

/ SUBMIT / SEARCH / STORE /

Blog : Show me the posts

Forums : But read the community guidelines

Shop : A Directory of Wonderful Products

About Us : Editors, Contributors and Staff

Advertise Here : Thank you for not blocking ours

Cory Doctorow / 1:54 pm Tue, Feb 26, 2019

A finance industry group is pushing an intentionally broken cryptography "standard" called ETS

ETS was originally called "Enterprise TLS," implying that it was an "enterprise-grade" version of TLS, the system used to secure internet sessions (if you visit a URL that starts with "https://", it's being protected with TLS). Read the rest

Cory Doctorow / 1:38 pm Sun, Mar 4, 2018

CEO of Trustico emails 23,000 HTTPS private keys, triggering panicked mass-revocation

On Tuesday, the CEO of UK certificate reseller Trustico decided to settle an argument with Digicert executive VP Jeremy Rowley by emailing him the private keys for 23,000 TLS certificates that had been issued by Symantec's disgraced Certificate Authority, to prove they had been compromised. Read the rest

Cory Doctorow / 12:09 am Mon, May 22, 2017

Thailand is losing the war on dissent, thanks to user notifications and HTTPS

Thailand's insane lese majeste laws make it radioactively illegal to criticize the royal family, reflecting a profound insecurity about the legitimacy of the ruling elites there that can only be satisfied through blanket censorship orders whenever one of the royals does something ridiculous, cruel or both (this happens a lot). Read the rest

Cory Doctorow / 8:56 am Wed, Feb 8, 2017

Enterprise firewalls are man-in-the-middling HTTPS sessions like crazy, and weakening security

A group of security researchers from academe and industry (including perennial Boing Boing favorite J Alex Halderman) have published an important paper documenting the prevalence and problems of firewalls that break secure web sessions in order to scan their contents for undesirable and malicious content. Read the rest

Cory Doctorow / 12:11 pm Thu, Dec 15, 2016

Freedom of the Press releases an automated, self-updating report card grading news-sites on HTTPS

Secure the News periodically checks in with news-sites to see how many of them implement HTTPS -- the secure protocol that stops your ISP and people snooping on it from knowing which pages you're looking at and from tampering with them -- and what proportion of them default to HTTPS. Read the rest

Cory Doctorow / 5:21 am Sat, Nov 5, 2016

Chrome is about to start warning users that non-HTTPS sites are insecure

An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside red triangle and the letters HTTP next to the web addresses of non-HTTPS sites. Read the rest

Cory Doctorow / 9:50 am Mon, Oct 10, 2016

Scotland Yard charge: teaching people to use crypto is an act of terrorism

Samata Ullah from Cardiff faces six terrorism charges, including "preparation of terrorism..."by researching an encryption programme, developing an encrypted version of his blog site, and publishing the instructions around the use of [the] programme on his blog site." Read the rest

Cory Doctorow / 12:16 am Sat, Sep 19, 2015

Symantec caught issuing rogue Google.com certificates

Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure. Read the rest

From the Boing Boing Shop

Follow Us

Twitter / Facebook / RSS

A finance industry group is pushing an intentionally broken cryptography "standard" called ETS

CEO of Trustico emails 23,000 HTTPS private keys, triggering panicked mass-revocation

Thailand is losing the war on dissent, thanks to user notifications and HTTPS

Enterprise firewalls are man-in-the-middling HTTPS sessions like crazy, and weakening security

Freedom of the Press releases an automated, self-updating report card grading news-sites on HTTPS

Chrome is about to start warning users that non-HTTPS sites are insecure

Scotland Yard charge: teaching people to use crypto is an act of terrorism

Symantec caught issuing rogue Google.com certificates

From the Boing Boing Shop

Follow Us

Twitter / Facebook / RSS

SHARE / TWEET / 9 COMMENTS

backdoors / bits / crypto wars / extra terrible security / https / ietf / lawful interception / nobus / tls

SHARE / TWEET / 21 COMMENTS

Business / certificate authority / certificate transparency / digicert / https / infosec / pki / root of trust / security / symantec / tls / Trustico / uk

SHARE / TWEET / 9 COMMENTS

blacklists / Business / can't stop the signal / censorship / crypto wars / facebook / https / lawful interception / lese majeste / national firewalls / streisand effect / thailand

SHARE / TWEET / 51 COMMENTS

censorship / https / infosec / middleboxes / petard / scholarship / security

SHARE / TWEET / 7 COMMENTS

anonymity / crypto / https / infosec / leaderboards / media theory / security / web theory

SHARE / TWEET / 76 COMMENTS

certificate authorities / google / https / infosec / no more padlocks / pki / security / surveillance / ux / web theory

SHARE / TWEET / 21 COMMENTS

crypto wars / gwot / https / surveillance / tails / uk / ukpoli

SHARE / TWEET / 36 COMMENTS

Business / certificate transparency / certificates / crypto / google / https / infosec / merkle trees / security / ssl / tls