We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
WireGuard has finally made it into the mainline Linux kernel - meaning Dynamic Kernel Module Support (DKMS) builds will no longer be necessary, making routine kernel upgrades significantly faster!
COVID-19 is forcing browser makers including Google and Mozilla to continue supporting the TLS 1.0 and TLS 1.1 protocols.
Have you heard about IPFire's new method of cryptographic kernel rootkit protection? IPFire is an open-source software that protects the network from external attacks and prevents intrusion.
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.
We issued our billionth certificate on February 27, 2020. We’re going to use this big round number as an opportunity to reflect on what has changed for us, and for the Internet, leading up to this event. In particular, we want to talk about what has happened since the last time we talked about a big round number of certificates -one hundred million.
Huawei can covertly access mobile networks through back doors meant for law enforcement, the U.S. has told allies in a bid to show that the firm poses a security threat.
Strong, unbroken encryption is essential in protecting users' privacy and the integrity of sensitive data, yet encryption technology is currently under threat in many countries.
Is a Linux SSH GUI in your future? Jack Wallen believes once you try Snowflake, there's no going back. If you are currently using Snowflake, we'd love to hear your thoughts!
The WireGuard VPN protocol, which is smaller, faster and easier to configure than IPsec, has been merged into Linus Torvalds' git repository for version 5.6 of the Linux kernel, the next release.
An election security group has said the Justice Department’s renewed calls for access to encrypted data could impact more than privacy, stating: “Any effort to diminish the effectiveness of encryption will inherently diminish the security and, potentially, the integrity, of our elections. Hostile actors will likely direct similar efforts at campaign officials, political organizations, and politically engaged individuals in future elections." What are your thoughts?
New research has heightened an already urgent call to abandon SHA-1, a cryptographic algorithm still used in many popular online services. A new, powerful GPG collision attack on the system which could enable attackers to fake digital certificates has been discovered.
Each year has its defining moments and trends. Learn why 2020 will be the "Year of Encryption":
A Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys, security researcher says. Learn more about this malicious extension:
Almost every week, we hear about another corporate data breach or government attack on privacy. For anyone who wants real privacy online, encryption is the essential component. Learn more about the importance of maintaining strong encryption:
The Senate Judiciary Committee recently held ahearingon encryption and “lawful access.” That’s the fanciful idea that encryption providers can somehow allow law enforcement access to users’ encrypted data while otherwise preventing the “bad guys” from accessing this very same data. Learn more:
This time last year, the Australian Labor Party waved through the government's encryption Bills, formally known as the Assistance and Access Bill, and threw out the line that it was to keep the nation safe. The Labor Party now says it will fix encryption laws it voted for last year, but legislation is unlikely to pass the House of Representatives. What are your thoughts on this proposed legislation and the implications it would have for citizens' privacy? Learn more:
We've been taught to look out for that little padlock to ensure a website is secure. But it's dangerous to rely on just one detail. Learn more:
The growing battle over end-to-end encryption took another turn last week, when EU officials warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology. What is your opinion on this issue? We are in favor of strong encryption. Learn more:
Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications,using arguments that have barely changed since the 1990’s. But we’ve also seensuggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI). What are your thoughts on client-side scanning and its privacy implications? Learn more in a great EFF article:
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. Learn more about Delegated Credentials for TLS in an informative The Hacker News article:
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
