New OpenSSL vulnerability puts encrypted communications at risk of spying

Friday, June 6th, 2014

A newly discovered vulnerability that allows spying on encrypted SSL/TLS communications has been identified and fixed in the widely used OpenSSL library. The vulnerability, which is being tracked as CVE-2014-0224, can be exploited to decrypt and modify SSL (Secure Sockets Layer) and TLS (Transport Layer Security) traffic between clients and servers ...

The Heartbleed Bug

Monday, April 7th, 2014

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging ...

Dozens of rogue self-signed SSL certificates used to impersonate high-profile sites

Thursday, February 13th, 2014

Dozens of self-signed SSL certificates created to impersonate banking, e-commerce and social networking websites have been found on the Web. The certificates don't pose a big threat to browser users, but could be used to launch man-in-the-middle attacks against users of many mobile apps, according to researchers from Internet services ...

Cybercriminals compromise home routers to attack online banking users

Friday, February 7th, 2014

Attacks recently observed in Poland involved cybercriminals hacking into home routers and changing their DNS settings so they can intercept user connections to online banking sites. Researchers from the Polish Computer Emergency Response Team (CERT Polska) believe attackers will likely target users from other countries as well in the future using ...

Encrypt the Web Report: Who’s Doing What

Wednesday, November 20th, 2013

We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption. In addition, we appreciate ...