The investigation into last Friday's coordinated terrorist attacks has quickly turned up evidence that members of the Islamic State (ISIS) communicated with the attackers from Syria using encrypted communications, according to French officials.
It’s not surprising that in the wake of the Paris terrorist attacks last Friday, US government officials would renew their assault on encryption and revive their efforts to force companies to install backdoors in secure products and encryption software.
Just last month, the government seemed to concede that forced decryption wasn’t the way to go for now, primarily because the public wasn’t convinced yet that encryption is a problem. But US officials had also noted that something could happen to suddenly sway the public in their favor.
A whole lot of work rolling out HTTP security is being undermined by bad browser implementation that facilitates man-in-the-middle attacks.
CERT has warned that all of the major browser vendors have a basic implementation error that mean “cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information”.
During the last year, online crooks have realized that buying ads and lacing them with malicious code is an easy and cheap way of infecting victims with malware and get some money out of it.
As a result, “malvertising” in 2015 has almost tripled from the year prior, even if security firms have focused more on this threat, tracking down and reporting several cases of malvertising to the advertisers and publishers.
Now, the fight against malvertising is about to get tougher for internet defenders as criminal hackers have found an unlikely ally: web encryption.
he Obama Administration is weighing whether to come out in full support of unfettered encryption, something that would be a huge blow to the Feds, who have been pushing for compulsory backdoors in all new tech.
But there's something in the President's proposals that aren't quite right.