The United States is months removed from this spring’s Apple vs. FBI debacle, but the debate around encryption is just beginning to play out in Europe. A joint press conference held Tuesday in Paris between Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard Cazeneuve marked perhaps the most public declaration by a government figure that there...

RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers that allow for the recovery of authentication cookies from 3DES-protected...

New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator. The flaws were privately disclosed by Felix Dörre and Vladimir Klebanov of Karlsruhe Institute of Technology in Germany, and according to an advisory from the...

LAS VEGAS—There’s been an abundance of attacks against crypto over the last few years but a much simpler, scarier threat, cookie hijacking, remains significantly overlooked in the eyes of researchers. Two academics, Suphannee Sivakorn, a PhD student at Columbia University, and Jason Polakis, an assistant professor at the University of Illinois discussed just how woefully inadequate...

A popular mobile application that provides financial market research material operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk. The Seeking Alpha mobile app for Android and iOS also leaks everything from HTTP cookies to stock positions the user may be interested in. The app is not...

Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an attacker-supplied custom certificate. This also takes a bit of pressure...

Plenty has been speculated since the Snowden documents were made public about the NSA’s interest in building a quantum computer that could break current encryption securing communication worldwide. Quantum computing on a practical scale is a distant goal, but some do exist that leverage some aspects of quantum physics and small numbers of quantum bits....

Facebook today began a test program rolling out opt-in end-to-end encryption for its Messenger service called Secret Conversations. The end-to-end encryption is based on the Signal protocol developed by Open Whisper Systems, the same protocol that stands up the crypto in the Signal and WhatsApp messaging applications. The Facebook version of the encryption service is...

Facebook today began a test program rolling out opt-in end-to-end encryption for its Messenger service called Secret Conversations. The end-to-end encryption is based on the Signal protocol developed by Open Whisper Systems, the same protocol that stands up the crypto in the Signal and WhatsApp messaging applications. The Facebook version of the encryption service is...

Mike Mimoso, Tom Spring and Chris Brook discuss the news of the week, including all things Android: the crypto weakness, the full disk encryption bypass, and new malware, Hummingbad, which impacts the mobile operating system. The three also discuss the TP-Link router fiasco. Download: Threatpost_News_Wrap_July_8_2016.mp3 Music by Chris Gonsalves