Archive for the ‘Security’ Category

Apple Suspects Hardware Espionage

From 9to5Mac: At least part of the driver for this is to ensure that the servers are secure. Apple has long suspected that servers it ordered from the traditional supply chain were intercepted during shipping, with additional chips and firmware added to them by unknown third parties in order to make them vulnerable to infiltration, […]

Google Giving Preference To SSL

Looks like I beat this one by a few months. SSL is now a ranking signal for Google. I switched this and a few other sites over to SSL a few months ago, while enabling SPDY and a few other things I’m playing around with. So far this has been pretty painless and actually simplified […]

Heartbleed and OpenSSL

Heartbleed is a pretty nasty security bug. Thankfully it can be fixed by a quick package update (unless you’re mod_spdy among other culprits (this one got me briefly). Then for good measure revoke certs and reissue to make sure nothing is left to chance. Need to make sure everything built on OpenSSL is not impacted. […]

Slowly Moving The Web To HTTPS

The EFF has a pretty good post on the move to make HTTPS closer to the new normal on the web. It’s hardly normal yet, but it’s improving. Already some of the bigger sites on the internet like Google, Facebook and Twitter are serving up HTTPS for almost everything. They do it for security as […]

QR Codes Compromised By Stickers

Criminals have realized that QR codes are not human readable and are taking advantage. Shocking isn’t it? From The Register: Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites. It’s extremely simple to print out a sticker pointing to a […]

GPS Vulnerabilties Found

It’s not a big secret that GPS is yet another system built largely on trust. Researchers however found some interesting new flaws in GPS implementations including the expensive ones. Most interesting is the attacks could be conducted using equipment that cost only $2,500. That’s a bargain for creating chaos.

Facebook Going HTTPS

Apparently HTTPS is going to be standard for all Facebook users: As announced last year, we are moving to HTTPS for all users. This week, we’re starting to roll out HTTPS for all North America users and will be soon rolling out to the rest of the world. Great move, I’m glad they are finally […]

Silent Circle Finally Bringing Security To Mobile?

Silent Circle is a pretty interesting sounding app: It’s a model for the nested cryptography of Silent Circle. The “safe room” is the iPhone processor, where all the encryption happens. By the time your text leaves the phone, it’s been completely encrypted, unrecoverable without the key. To keep the key safe, Silent Circle uses the […]

Chrome Enables Do-Not-Track

Chrome finally added Do-Not-Track (DNT) to Chromium. They are the last major browser to complete implementation and start giving users a choice in terms of their preference to tracking. DNT isn’t a perfect solution as it has no enforcement. Regardless it’s a step in the right direction and empowers ad networks to respect users privacy […]

Wikipedia’s Jimmy Wales Threatens To Encrypt Wikipedia

Wikipedia’s Jimmy Wales threatened to encrypt traffic to the UK if new tracking laws are implemented: But if we find that UK ISPs are mandated to keep track of every single web page that you read on Wikipedia, I’m almost certain – err, I shouldn’t speak for our technical staff – we would immediately move […]