Certificate authority Let’s Encrypt is celebrating a major milestone in the young nonprofit’s existence issuing its 5 millionth certificate this month. Let’s Encrypt launched to the general public just seven months ago. “Our goal is to get the entire web 100 percent HTTPS,” said Josh Aas, executive director for the Internet Security Research Group, the...

The scourge of ransomware over the past two years has been impressive – and not in a good way. The number of frustrated computer users locked out of their PCs is at an all-time high with no signs of the ransomware epidemic relenting. According to security experts, the last two years have seen an astounding...

The Department of Justice is countering a growing chorus of privacy advocates who are against a rule change that will greatly expand law enforcement’s ability to hack into computers located around the world. In a blog post to the DoJ website late Monday, Assistant Attorney General Leslie Caldwell argued law enforcement must not be stymied...

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves

The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privacy provision by civil liberties groups who had worked for years to...

A flaw in the popular Telegram Messenger app that allows attackers to crash devices and run up wireless data charges is being disputed by the app maker who calls the claims false. According to two Iranian-based researchers, Sadegh Ahmadzadegan and Omid Ghaffarinia, Telegram users are vulnerable to attacks via specially crafted messages that can bypass...

Civil liberties groups are anxiously waiting to see if an anti-surveillance amendment will be added to a Department of Defense spending bill Tuesday. The so-called Massie-Lofgren amendment would reign in U.S. domestic mass surveillance by the NSA and protect U.S. encryption standards. The amendment, considered a significant post-Snowden reform, risks not being added to a...

Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...

Netgear on Friday released firmware updates for two of its router products lines, patching vulnerabilities that were reported six months ago. Users should update to firmware version 1.0.0.59, which includes fixes for an authentication bypass vulnerability and also addresses a hard-coded cryptographic key embedded in older versions of the firmware. A vulnerability note published by...

For close to a month, the master encryption key unlocking files ravaged by TeslaCrypt has been publicly available, putting an end to a profitable strain of ransomware. In the weeks since, various decryptors have been developed that can be used to unlock files. Kaspersky Lab, for one, updated its Rakhni utility to include TeslaCrypt v3...