Security News

Google Turns TLS on By Default on Android P
2018-04-13 16:52

Applications targeting the next version of Android (Android P) are required to use encrypted connections by default, Google said on Thursday. read more

Hurrah! TLS 1.3 is here. Now to implement it and put it into software
2018-04-01 00:00

Which won't be terrifyingly hard: it's pretty good at making old kit like the way it moves The ink has dried, so to speak, on TLS 1.3, so it's time for work developing software to implement the...

IETF Approves TLS 1.3
2018-03-26 05:39

The Internet Engineering Task Force (IETF) last week announced the approval of version 1.3 of the Transport Layer Security (TLS) traffic encryption protocol. The Internet standards organization...

Darknet Vendors Sell Counterfeit TLS Certificates
2018-02-26 11:47

Pro Tip: Change TLS Certificates Regularly For Better Data SecurityCertificate Authorities continue to be tricked into issuing bogus TLS certificates. A study by Recorded Future found that there...

TLS-Abusing Covert Data Channel Bypasses Network Defenses
2018-02-06 19:37

Researchers from Fidelis Cybersecurity have discovered a new method of abusing the X.509 public key certificates standard for covert channel data exchange following initial system compromise.  read more

Covert Data Channel in TLS Dodges Network Perimeter Protection
2018-02-05 19:26

Researchers have found a new covert data exchange technique that abuses the TLS protocol that can circumvent traditional network perimeter protections.

Let's Encrypt Disables TLS-SNI-01 Validation
2018-01-10 21:22

Free and open Certificate Authority (CA) Let’s Encrypt on Tuesday disabled TLS-SNI-01 validation after learning that users could abuse it to obtain certificates for domains they do not own. read more

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto
2017-12-13 19:33

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.

Android getting "DNS over TLS" to prevent ISPs from knowing what websites you visit
2017-10-23 01:29

No doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communications. But do you know — ISPs can still see all of your DNS requests, allowing them to know...

Don't Delay: Replace Symantec TLS/SSL Certs Now
2017-09-12 16:33

Google Will Slowly Start Pulling the Rug From Under Symantec's Digital CertificatesA major operation to cleanse websites of digital certificates created under questionable circumstances is...