Security News

Starting with 20:00 UTC, today, the non-profit certificate authority Let's Encrypt will begin it's effort to revoke a little over 3 million TLS/SSL certificates that it issued while a bug affected its CA software. "The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let's Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let's Encrypt."

UPDATE. Popular free certificate authority Let's Encrypt said it will revoke 3 million Transport Layer Security certificates Wednesday, because of a Certificate Authority Authorization bug. Let's Encrypt explained on Tuesday it had to revoke the 3 million certificates because of a CAA bug that impacted the way its software checked domain ownership before issuing certificates.

On Wednesday, March 4, Let's Encrypt - the free, automated digital certificate authority - will briefly become Let's Revoke, to undo the issuance of more than three million flawed HTTPS certs. In a post to the service's online forum on Saturday, Jacob Hoffman-Andrews, senior staff technologist at the EFF, said a bug had been found in the code for Boulder, Let's Encrypt's automated certificate management environment.

Last week was a big one for non-profit digital certificate project Let's Encrypt - it issued its billionth certificate. Publicly announced in November 2014, Let's Encrypt offers TLS certificates for free.

Free and open certificate authority Let's Encrypt on Thursday issued its billionth certificate, four and a half years after issuing the first certificate. It provides free digital certificates and also handles the certificate management process for site owners.

Let's Encrypt, a free, automated, and open certificate signing authority from the nonprofit Internet Security Research Group, has said it's issued a billion certificates since its launch in 2015. Since late last year, Let's Encrypt has issued at least 1.2 million certificates each day.

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. The open-sourced Jetpack Security library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens.

If you need strong command line encryption on Linux, look no further than 7zip.

Although this tool is typically used for zipping and unzipping files, it also includes the ability to encrypt and decrypt those files. Say you have the files webservers and kubernetes to be encrypted into the file data.7z. The command for this would be:.7z a -p -mx=9 -mhe -t7z data.7z webservers kubernetes.

Apple ditched plans to fully encrypt its iCloud backups two years ago after being pressured by the FBI, it is claimed. Under this plan, Apple would no longer have the key to unlock encrypted data, meaning it would no longer be able provide decrypted backups of its users to the authorities, even under court order.