Leading certificate authority Let’s Encrypt is facing criticism that its rapid growth and eagerness to encrypt internet communications is happening at a cost.

Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, and any HTTP page visited in incognito mode

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.

US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users update to version 1.1.0e.

RSA 2017 is previewed and last week’s report on iOS apps being vulnerable to interception attacks, macro malware coming to MacOS, and new Uber open source module are discussed.

More than 70 iOS apps are vulnerable to man-in-the-middle attacks where TLS connections can be intercepted and sensitive data stolen.

Academics studying 283 Android VPN apps quantified a number of problems associated with native platform support for VPN clients through the BIND_VPN_SERVICE.

Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign.

Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.

Apple extended the deadline of Dec. 31 for developers adopt App Transport Security standards for applications submitted to the App Store.