Encryption news, trends, analysis and practical advice

david cameron paris
security phishing hook

Requested from VNP Exploitation Team

Vulcan mind-meld, Vulcan death grip & turtle-power used in NSA's VPN crypto cracking

What do Vulcan mind-meld, Vulcan death grip, turtle-power, flying pig, and poison nut all have in common? They are names found in the NSA's VPN Exploitation Team documentation that describe cracking the encryption used in virtual...

snowden digital

Snowden docs show Tor, TrueCrypt, Tails topped NSA's 'most wanted' list in '12

The National Security Agency saw Tor, Linux distribution Tails and TrueCrypt as the biggest threats to agency's ability to intercept Internet traffic.

Google encryption concept

Google's full encryption efforts chug along, with Yahoo's help

Google is making progress developing a user-friendly tool for fully encrypting people's messages on their computers.

poodle tls

Now P.O.O.D.L.E. poos on flaw in TLS

F5 and A10 gear is vulnerable: Remember October's flap about the vulnerability in SSL, known as POODLE? Remember all the smug people running servers that only supported TLS? Well, they may not be so smug this morning. In IT Blogwatch,...

national security agency headquarters fort meade maryland

New tools offer practical help to block official spies

Online civil-rights groups and IBM accidentally struck a blow for individual freedom simultaneously with tools that limit covert surveillance from both hackers and governments

ssl secure browser security lock

EFF, Mozilla back new authority that will offer free SSL certificates

A new organization supported by Mozilla, the Electronic Frontier Foundation and others is working to set up a new certificate authority that will provide website owners with free SSL/TLS certificates.

WhatsApp on iOS

WhatsApp adds end-to-end encryption to message service

Ramping up efforts to keep its customers' messages safe from snooping, WhatsApp said Tuesday that it now supports end-to-end encryption for messages sent between users. The end-to-end encryption comes thanks to a collaboration...


The best secure messaging apps that protect you from surveillance

If you use Skype, SnapChat, Facebook chat, WhatsApp, or Google off-the-record chat, then it’s time for you to rethink your digital communications strategy and switch to other more secure messaging programs. The EFF evaluated 39...

Google releases tool to test apps and devices for SSL/TLS weaknesses

The tool simulates man-in-the-middle attacks to detect SSL/TLS vulnerabilities and implementation issues


FBI Director Comey on needing access to dark encrypted closets where monsters hide

In a series of recent speeches, FBI Director James Comey discussed fighting monsters, the militarization of police, online terrorist propaganda, the risk of Going Dark due to encryption and how we need to stop before the U.S. becomes...

ssl secure browser security lock

Google to kill off SSL 3.0 in Chrome 40

To protect against POODLE attacks and other vulnerabilities in SSL 3.0, Google will remove support for the aging protocol in version 40 of its Chrome browser, due in about two months.

virtual encryption 175562932

Gigamon says it can analyze attacker SSL traffic without affecting performance

Gigamon says it has developed a capability to deeply analyze all SSL/TLS traffic.

Technique allows attackers to hide Android malware in images

A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play's own malware scanner.


FBI director calls for greater police access to communications

Apple and Google should reconsider plans to enable encryption by default on their smartphones, and the U.S. Congress should pass a law requiring that all communication tools allow police access to user data, FBI Director James Comey...

SSL,TLS, POODLE, email, Fastmail, Popcorn and me

The POODLE flaw in SSL version 3 also impacts email.

poodle ssl 3

POODLE poos on flaw (in SSL) as Google causes panic

SSL is attack dog when protocol-downgrade sinks teeth in leg: Google infosec researchers have found a new nasty TLS downgrade attack. While we all knew these old versions of SSL crypto were insecure, it's always been thought hard to...

national security agency headquarters fort meade maryland

Can the iPhone 6 really defeat the NSA?

There are loopholes in Apple’s claim, and law enforcement’s outrage seems disingenuous.

Binary bomb with a lit fuse code developer security programming

Security experts warn of 'POODLE' attack against SSL 3.0

Google researchers have found a severe flaw in an obsolete but still used encryption software that could be exploited to steal sensitive data.

Load More