The Privacy Blog: Privacy, Security, Cryptography, and Anonymity


Google warns of unauthorized TLS certificates trusted by almost all OSes – Ars Technica

“In the latest security lapse involving the Internet’s widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned misissued credentials may be impersonating other unnamed sites as well.”



DutchNews.nl reports that ISPs in the Netherlands will no longer be required to retain data for law enforcement.

Since 2009, national laws have required keeping records on the activities of all users for a period of one year. In 2014 the EU determined that such mass storage was a violation of fundamental privacy rights.

This court ruling brings the EU and Dutch rules into accord by ending the data retention requirement.


Feb/15

19

SuperFish – worst case certificate abuse


There is a new “man in the middle” attack against web pages that is significantly worse than I have seen before. Interestingly, it does not even appear to be intended as an attack.


Feb/15

13

Snipers at the Watering Hole


Security researchers discovered a very sophisticated watering hole attack against Forbes.

There is a major trend towards increasingly targeted cyber attacks, from advanced persistent threats (APT), to spear phishing. Now we are seeing targeting applied to watering hole attacks. I think of this as the sniper at the watering hole.


Feb/15

1

China requiring back doors in banking software


“HONG KONG — The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.”

New Rules in China Upset Western Tech Companies – NYTimes.com

Previous blog posts on China censorship:

China celebrates 25th anniversary of Tiananmen with censorship. – The Privacy Blog

China launches MITM attack on GitHub – The Privacy Blog

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.
