30 matches found
Signal’s Creator Is Helping Encrypt Meta AI
Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI conversations of millions of people...
Signal Adds Cryptocurrency Support
According to Wired, Signal is adding support for the cryptocurrency MobileCoin, "a form of digital cash designed to work efficiently on mobile devices while protecting users privacy and even their anonymity." Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describe...
Signal 2.0 — Free iPhone App for Encrypted Calls and Texts
An open source software group, Open Whisper Systems, has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. Signal app is specifically designed to make secure and easy-to-use encrypted voice calling. But that’s wha...
WhatsApp Adds Encryption by Default to Android App
WhatsApp, a massively popular messaging app, recently added end-to-end encryption for some mobile clients, a move that brings a high level of security to millions of users. The change is the result of a partnership with Open Whisper Systems, the secure text and mobile OS company started by securi...
New Signal App Brings Encrypted Calling to iPhone
iPhone users concerned about government surveillance efforts putting unencrypted calls at risk now have a free app at their disposal that brings secure communication to the Apple phone. Open WhisperSystems, developers of RedPhone for Android, have developed a similar app for iPhone called Signal,...
Moxie Marlinspike on TextSecure CyanogenMod integration
Moxie Marlinspike Moxie Marlinspike has published landmark research on SSL vulnerabilities, taken on certificate authorities and even built an alternative to CAs as we know them today called Convergence. But now that government surveillance and online privacy have been elevated to mainstream...
TextSecure Integrated into CyanogenMod SMS App for Android
With the depths of domestic government surveillance still not fully realized, secure communications capabilities are at a premium, especially for the privacy conscious. Already, we’ve seen some services such as Lavabit and Silent Circle’s Silent Mail shudder operations rather than hand over...
Groundbreaking Cyber Fast Track Research Program Ending
VANCOUVER–When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously...
SuSE 11 Security Update : Mozilla (SAT Patch Number 1304)
Mozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities CA which...
Moxie Marlinspike Leaving Twitter Security Team
Twitter has been collecting a lot of security talent in the last year or so, but now a major piece of the company’s security team is leaving. Moxie Marlinspike, the creative security and privacy researcher who founded Whisper Systems, which was acquired by Twitter in 2011, said on Friday that he ...
Researcher Charlie Miller Joins Twitter Security Team
Twitter quietly is assembling a serious security team, with the most recent addition being Charlie Miller, the security researcher known for finding a long line of bugs in the iPhone and other Apple products. Miller, a respected and prolific researcher, will join the social network’s security tea...
Scientific Linux Security Update : seamonkey on SL3.x i386/x86_64
CVE-2009-2404 nss regexp heap overflow Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library provided by SeaMonkey used to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger...
New Tool From Moxie Marlinspike Cracks Some Crypto Passwords
Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft’s MS-CHAPv2 protocol. Marlinspike discussed the tool...
Moxie Marlinspike on TACK, Convergence and Trust Agility
Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better...
Black Hat: SSL and the Future of Authenticity
The inherent problems with the certificate authority infrastructure have been known for a long time, but they’ve become even more obvious with the news of the recent compromise of DigiNotar, which resulted in the issuance of a slew of fraudulent SSL certificates. In this talk from the Black Hat U...
Device-Level Encryption Comes to Android
As attacks on mobile devices such as iPhones, iPads, Android phones and tablets have surged in recent months, security researchers and customers have continued to look for ways to lock down their devices and protect the data they store on them. Whisper Systems has jumped into the fray with...
Google Flaw Allowed Easy 'E-mail Harvesting'
An issue with Google Apps over the weekend sent the company scrambling to fix a hole in its Script API. The problem allowed a specific domain to harvest the e-mail addresses of anyone who visited the site while logged into their Google account, according to a report on InfoSecurity. After visitin...
Moxie Marlinspike on RedPhone, TextSecure and Internet Privacy
Dennis Fisher talks with security researcher Moxie Marlinspike about his new startup, Whisper Systems, his RedPhone and TextSecure voice and data encryption software and the challenges of maintaining privacy in the Google Age. Podcast audio courtesy of sykboy65 Subscribe to the Digital Undergroun...
SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6541)
The Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger AIM, allows remote SSL...
openSUSE 10 Security Update : libfreebl3 (libfreebl3-6494)
The Mozilla NSS and dependend libraries were updated to fix various issues. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Insta...