Mike Mimoso and Chris Brook discuss the news of the week, including internet-connected teddy bears, the latest on the Going Dark debate, and whether or not there’s a backdoor in Socat. They also preview next week’s Security Analyst Summit in Tenerife, Spain. Download: Threatpost_News_Wrap_February_5_2016.mp3 Music by Chris Gonsalves

Since technology companies such as Google and Apple turned on end-to-end encryption by default and tied encryption keys to device passwords, the government’s inability to compel providers via warrants to turn over data has caused considerable angst. Going Dark is the government’s catch-all phrase for the current state of affairs, and high-ranking officials such as...

Mike Mimoso talks to privacy and security veteran Jon Callas of Silent Circle about the digital footprint businesses and consumers leave, how to secure our private data, and how a new documentary sponsored by Silent Circle called “Power of Privacy” helps visualize how personal information is shared-and abused-online. Download: Jon_Callas_on_Securing_Private_Data.mp3 Music by Chris Gonsalves

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide the committee with a report on whether the...

OpenSSL is scheduled to update two versions of the software this week, patching a pair of vulnerabilities in the process. The OpenSSL project this morning said the updates will move users to versions 1.0.2f and 1.0.1r and should be available Thursday between 8 a.m. and noon Eastern time. “They will fix two security defects, one of...

Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision to include what is considered to be a backdoored random number generator in its NetScreen...

Mike Mimoso and Chris Brook discuss the week in news: How the Dutch are opening encryption with open arms, the end of support for IE 8, 9, and 10, and the latest bounty offered up by Zerodium. Download: news_wrap_01-08-16.mp3 Music by Chris Gonsalves

As promised, Mozilla officially began rejecting new SHA-1 certificates as of the first of the year. And as promised, there have been some usability issues. Mozilla yesterday said that some security scanners and antivirus products are keeping some from reaching HTTPS websites. “When a user tries to connect to an HTTPS site, the man-in-the-middle device...

If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic algorithms. Karthikeyan Bhargavan and Gaetan Leurent recently published an...

While the “Going Dark” debate over encryption standards rages on here in the ­­United States, government officials in the Netherlands this week released a statement that actually calls for stronger encryption and rejects backdoors entirely. On Monday officials said, citing respect for privacy and confidentiality, they were staunchly opposed to against any legislation that would...