Microsoft Wins Widespread Support in Privacy Clash With Govt.

Microsoft’s lawsuit against the U.S. government for the right to tell its customers when a federal agency is looking at their emails is getting widespread support by privacy advocates. For many, Microsoft’s stance lends an important and powerful voice to ongoing efforts to reform the Electronic...

How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, which protects sensitive...

What is Certificate Transparency? How It helps Detect Fake SSL Certificates

Do you know there is a huge encryption backdoor still exists on the Internet that most people don't know about? I am talking about the traditional Digital Certificate Management System… the weakest link, which is completely based on trust, and it has already been broken several times. To ensure t...

Reddit Removes NSL Warrant Canary from Transparency Report

Reddit’s latest transparency report is missing a nugget of information that was present in a previous report. Last year’s report included a warrant canary which stated that as of Jan. 29, 2015, Reddit had never received a National Security Letter, Foreign Intelligence Surveillance Court order or...

Uber Bug Bounty Rewards Loyalty, Promises Transparency

Uber’s bug bounty program emerged from private beta mode yesterday, which it used as a feedback forum for participants in order to develop the public program. “This was pretty unique in its approach,” said HackerOne CTO Alex Rice. Uber’s program is built on the HackerOne platform, and Uber...

Requests for Yahoo User Data Spiked After Paris Terror Attacks

Yahoo’s latest transparency report, published today, reflects a spike in government and law enforcement requests for user data following the Paris terrorist attacks of Nov. 13. The attacks resulted in the deaths of 130 people and injuries to more than 350 others; the situation remains fluid with...

Nearly Two Years After Heartbleed OpenSSL Operating With Renewed Vision

SAN FRANCISCO—Experts have stressed this week that DROWN is no Heartbleed, but at some point in the not too distant future, there’s going to be another major Internet vulnerability and developers at OpenSSL claim they’re battle tested. Rich Salz and Tim Hudson, members of OpenSSL’s development...

Misissued certificates

Security Misissued certificates Share October 29th, 2015 Recently, Google found a google.com pre-certificate in a CT log, without having ordered one. This lead to a series of incidents, also involving Opera and its security team. The backstory Google promptly contacted Symantec who had issued the...

Latest Microsoft Transparency Report Details Content Removal Requests

Microsoft launched a new transparency website this week that bundles reports detailing requests for data the company has received, including those from law enforcement, the government, and elsewhere. The page, which Microsoft is calling its Transparency Hub, is somewhat similar to what Apple did...

Yahoo Transparency Report Shows Requests for Data Up

Yahoo this week published its transparency report for the first six months of the year and the numbers indicate that government requests for data on its users are up slightly after sharp dropoff for the report covering the last six months of 2014. Yahoo said that it received 5,221 government data...

New Rules Require FBI to Get Warrant for Spying With ‘Stingrays’ Cell Phone Trackers

Remember StingRays? The controversial cell phone spying tool, known as "Stingrays" or "IMSI catchers," has been used by authorities to track criminal suspects most of the times without obtaining court orders. But now, the Federal law agencies will have to be more transparent about their use of...

Hewlett-Packard KeyView IDOL GIF Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling...

Twitter Adds Email Privacy Data to Transparency Report

The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014. In its latest transparency report, Twitter said that it received 2,436...

CloudFlare Transparency Report Shows Spike in Court Orders

In its latest transparency report, CloudFlare says that the number of subpoenas it has received has remained steady since last year, but the volume of court orders has more than doubled since the second half of last year. While much of the data from CloudFlare’s report for the first half of 2015...

Major Carriers AT&T, Comcast Continue to Lag in EFF Privacy Report

While many companies have made strides when it comes to how they handle transparency and government requests post-Snowden, major telecoms such as AT&T and Verizon continue to lag behind. Despite publishing transparency reports within the last year, the two companies scored the lowest on the...

Amazon Transparency Report Shows Few Requests For User Data

Amazon has released its first transparency report, and for a company as large as Amazon, there is surprisingly little in the way of detail or explanation in the report. The company reported that it received 813 subpoenas, 25 search warrants, and 0-249 national security requests. Of the 813...

DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud

It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and...

Snapchat Publishes First Transparency Report

Snapchat has released its first transparency report, covering a four-month period from November through February, and the data shows that the company didn’t receive any National Security Letters and got fewer than 400 total requests for data from the United States government. Snapchat, a Californ...

Dennis Fisher and Mike Mimoso on the Android App-Replacement Vulnerability, Windows Privilege Escalation and More

Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company’s crypto efforts. Download: digitalunderground192.mp3 Music by Chris Gonsalves...

U.S. Government Requests for Yahoo User Data Drop

Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases. The company said in its new transparency report that it received between 0-999 National Security Letters from the U.S...