By samzenpus from
Slashdot's protect-ya-neck department:
An anonymous reader writes:
Let's Encrypt, the project that hopes to increase the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month. Backed by the EFF, the Mozilla Foundation, the Linux Foundation, Akamai, IdenTrust, Automattic, and Cisco, Let's Encrypt will provide free-of-charge SSL and TSL certificates to any webmaster interested in implementing HTTPS for their products. The Stack reports: "Let's Encrypt's root certificate will be cross-signed by IdenTrust, a public key CA owned by smartphone government ID card provider HID Global. Website operators are generally hesitant to use SSL/TLS certificates due to their cost. An extended validation (EV) SSL certificates can cost up to $1,000. It is also a complication for operators to set up encryption for larger web services. Let's Encrypt aims to remove these obstacles by eliminating the related costs and automating the entire process."Read Replies (0)
By samzenpus from
Slashdot's go-ahead-and-ask department:
Brian Krebs got his start as a reporter at The Washington Post and after having his entire network taken down by the
Lion Worm, crime and cybersecurity became his focus. In 2005, Krebs started the Security Fix blog and
Krebs On Security in 2009, which remains one of the most popular sources of cybercrime and security news. Brian is credited with being the first journalist to report on Stuxnet and one of his investigative series on the McColo botnet is estimated to have led to a 40-70% decline in junk e-mail sent worldwide. Unfortunately for Krebs, he's also well known to criminals. In 2013 he became one of the first journalists to be
a victim of Swatting and a few months later a
package of heroin was delivered to his home. Brian has agreed to give us some of his time and answer any questions you may have about crime and cybersecurity. As usual,
ask as many as you'd like, but please, one per post.
Read Replies (0)
By Soulskill from
Slashdot's software-complexity-breeds-security-researchers department:
An anonymous reader notes a report from El Reg on
a major cross-app resource vulnerability in iOS and Mac OS X. Researchers say it's possible to break app sandboxes, bypass App Store security checks, and crack the Apple keychain. The researchers wrote, "specifically, we found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by [malware] to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications." Their
full academic paper (PDF) is available online, as are
a series of video demos. They withheld publication for six months at Apple's request, but haven't heard anything further about a fix.
Read Replies (0)