It’s not surprising that in the wake of the Paris terrorist attacks last Friday, US government officials would renew their assault on encryption and revive their efforts to force companies to install backdoors in secure products and encryption software.
Just last month, the government seemed to concede that forced decryption wasn’t the way to go for now, primarily because the public wasn’t convinced yet that encryption is a problem. But US officials had also noted that something could happen to suddenly sway the public in their favor.
A whole lot of work rolling out HTTP security is being undermined by bad browser implementation that facilitates man-in-the-middle attacks.
CERT has warned that all of the major browser vendors have a basic implementation error that mean “cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information”.
During the last year, online crooks have realized that buying ads and lacing them with malicious code is an easy and cheap way of infecting victims with malware and get some money out of it.
As a result, “malvertising” in 2015 has almost tripled from the year prior, even if security firms have focused more on this threat, tracking down and reporting several cases of malvertising to the advertisers and publishers.
Now, the fight against malvertising is about to get tougher for internet defenders as criminal hackers have found an unlikely ally: web encryption.
he Obama Administration is weighing whether to come out in full support of unfettered encryption, something that would be a huge blow to the Feds, who have been pushing for compulsory backdoors in all new tech.
But there's something in the President's proposals that aren't quite right.
Argument over strong encryption reaches boiling point as Apple, Microsoft rebuff court orders for data access
A long-running debate concerning recent advances in consumer data encryption came to a head this summer when Apple rebuffed a Justice Department court order demanding access to iMessage transcripts, causing some in the law enforcement community to call for legal action against the company.