Amazon releases new, easily auditable TLS implementation
A new, open source implementation of the TLS encryption protocol has been unveiled by Amazon Web Services.Dubbed s2n (shorthand for “signal to noise”), the library …
TLS security: What really matters and how to get there
Deploying TLS securely is getting more complicated, rather than less. One possibility is that, with so much attention on TLS and many potential issues to consider, we’re …
Reddit announces switch to HTTPS-only
With a short note posted on the site’s developers subreddit, reddit – the so-called “front page of the internet” – has announced that starting with …
Let’s Encrypt CA to issue its first cert
Let’s Encrypt, a non-profit certificate authority (CA) set up by the Electronic Frontier Foundation, Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University …
New OpenSSL versions squash LogJam bug
The OpenSSL Project has pushed another update for the eponymous open-source cryptographic library. This one plugs several moderate bugs, one low one, and LogJam …
Mozilla pushes for full HTTPS use
Mozilla has announced they are planning to deprecate non-secure HTTP.“After a robust discussion on our community mailing list, Mozilla is committing to focus new …
OpenSSL security update less critical than expected, still recommended
As announced on Monday, the OpenSSL project team has released new versions of the cryptographic library that fix a number of security issues. The announcement created a panic …
SSL Labs unveils free open source tool, new APIs
Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These new enhancements …
Core Infrastructure Initiative kickstarts OpenSSL audit
Cryptography Services, a team of consultants from several security research firms, have announced that they have been tasked with auditing OpenSSL, the popular and widely used …
Windows vulnerable to FREAK attacks after all
Microsoft has released a security advisory on Thursday, confirming that all supported releases of Microsoft Windows are vulnerable to the recently documented FREAK (Factoring …
FREAK bug breaks SSL encryption for Android and Apple devices
A flaw in OpenSSL and Apple’s Secure Transport implementation of SSL and TLS protocols is putting millions of Android and Apple device users as well as visitors of …
Real MITM attacks enabled by Komodia’s software might have already happened
When the issue of Lenovo’s pre-installed SSL-breaking Superfish adware first gained widespread media recognition, the company’s CTO Peter Hortensius tried to do …