FREAKing hell: ALL Windows versions vulnerable to SSL snoop
Mar09

FREAKing hell: ALL Windows versions vulnerable to SSL snoop

Relax! We’ve got a (server-knackering) workaround to sort things out, says Microsoft Microsoft has confirmed that its implementation of SSL/TLS in all versions of Windows is vulnerable to the FREAK encryption-downgrade attack. This means if you’re using the company’s Windows operating system, an attacker on your network can potentially force Internet Explorer and other software using the Windows Secure Channel...

Read More
You’ve Got to Trust Your Vm Host
Feb20

You’ve Got to Trust Your Vm Host

Or: Why Disc Encryption Won’t Save YouThere’s a persistent meme floating around that full-disc encryption ofyour VM’s discs will … If you have content you need protecting from prying eyes who might have access to your VM host, disc encryption will only help you if you can switch your VM off before they get there. A dedicated host would do better, if you’ve got a working case alarm to cut the power when anyone opens it. Read more...

Read More

Google’s work on full encryption chugs along, with Yahoo’s help

  Google is making progress developing a user-friendly tool for fully encrypting people’s messages on their computers, with coding help from Yahoo and a transition to GitHub. Contributions from Alex Stamos, Yahoo’s chief security officer, and his team have been incorporated into an updated pre-release version of the browser extension announced Tuesday, Google said in a blog post….. Read...

Read More
Hashing: Securely Storing Passwords – Griff’s Grumblings
Nov24

Hashing: Securely Storing Passwords – Griff’s Grumblings

Cryptographic hash functions, or hashes for short, take an input of a variable length and produce a unique, fixed size output. Hashes are used in modern computing in a variety of ways, including password verification, file integrity validation, and file identification. Hash functions are easy to compute based on the input, but are difficult to re-compute given only the output. Because of this property, hashes are great for storing...

Read More
Presenting Tinfoil Chat (CEV)
Nov10

Presenting Tinfoil Chat (CEV)

Project Description: (TFC-CEV) is a high assurance encryption plugin for Pidgin IM client that combines free and open source hardware and software. Secure by design implementation provides a no-compromise layer over the standard and OTR encrypted communication, that addresses automatable attacks used by intelligence agencies for mass surveillance: Computationally secure cascading encryption ensures privacy and integrity of...

Read More