It seems little has changed over the last several years when it comes to how health and fitness apps go about securing user information. According to a survey carried out by the firm Arxan last fall, 86 percent of health apps it reviewed at had at least two critical vulnerabilities and 55 percent of users it talked...

Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision to include what is considered to be a backdoored random number generator in its NetScreen...

Mike Mimoso and Chris Brook discuss the week in news: How the Dutch are opening encryption with open arms, the end of support for IE 8, 9, and 10, and the latest bounty offered up by Zerodium. Download: news_wrap_01-08-16.mp3 Music by Chris Gonsalves

Roughly 320,000 Time Warner Cable customers are being told to change their email passwords this week after the company announced Wednesday that hackers may have gained access to them. The move comes after the F.B.I. notified the telecommunications giant that someone may have gained access to TWC customer information. It’s still unclear exactly how someone may have...

If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic algorithms. Karthikeyan Bhargavan and Gaetan Leurent recently published an...

While the “Going Dark” debate over encryption standards rages on here in the ­­United States, government officials in the Netherlands this week released a statement that actually calls for stronger encryption and rejects backdoors entirely. On Monday officials said, citing respect for privacy and confidentiality, they were staunchly opposed to against any legislation that would...

Comcast’s Xfinity Home Security System is vulnerable to attacks that interfere with its ability to detect and alert to home intrusions. Researchers at Rapid7 today disclosed the issue after fruitless attempts to contact and report the problem to Comcast dating back to Nov. 2; Rapid7 did disclose the vulnerability to CERT, which is expected to...

The Tor Project announced last week that it will launch a bug bounty program later this year to encourage security researchers to responsibly report issues they find in the software. Tor Browser and Tor Performance Developer Mike Perry announced the news during the “State of the Onion” address last week at the Chaos Communication Congress conference...

Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a self-signed root cert that generates certs for HTTPS connections, replacing...

Nothing in Google’s arsenal carries more weight than its search engine rankings. Pair that weapon with a desire to inspire encrypted connections on the web, and you have a pretty powerful combination. More than a year ago, Google said it was testing a method where a site’s search ranking would be influenced by whether it...