Vendor trust and the Internet of Things

We recently discussed the potential security and privacy issues surrounding the Internet of Things (IoT) – the rapidly growing network of “smart” devices we use that are connected via the Internet. Unfortunately, security and privacy are not necessarily high priorities for many technology companies. They are in a race to develop features that will establish their […]

Security and the Internet of Things

The Internet of Things (IoT) is a term meaning the network of physical things that collect and exchange data – a network of “smart” devices connected by the Internet.

If you live in a country that uses central heating systems and you recently installed a boiler, you might be part of the IoT – you […]

UK snoopers’ charter debated

The UK’s parliament is currently debating the Investigatory Powers bill, known as the snoopers’ charter. This is its second reading – if it passes the vote it will proceed to committee stage. A good rolling commentary can be found here.

We’ve already discussed the flaws of the bill here, here and most recently here, particularly […]

Lately, the DROWN SSL vulnerability has been in the news. It brings to mind 2014’s POODLE vulnerability, which has some similarities.

Both are issues with obsolete SSL versions. When they connect, many SSL/TLS clients will try the highest version they support, say TLS 1.2. If the handshake (the connection establishment process) fails, the client tries lower versions in […]

SSL DROWN attack

There’s a new SSL/TLS attack called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). It’s not quite as bad as Heartbleed, but it potentially affects a significant percentage of HTTP servers (33%!), as well as mail servers and anything else using SSL.

The vulnerability is in the obsolete SSL 2.0 protocol – fortunately not supported by our server, CompleteFTP, which […]

Snooper’s charter in parliament

On 1 March, the UK’s Investigatory Powers Bill (or snooper’s charter) was introduced to the House of Commons. It will go through the normal parliamentary processes for a bill, and the government hopes to have the legislation finalised by December 2016.

This is astonishingly fast when just three weeks ago, the latest committee to report on the draft […]

Apple vs the FBI – latest

Apple is currently battling the FBI, which wants to force Apple to create a version of iOS that enables it to unlock a domestic terrorist’s iPhone.

But this isn’t the only case Apple is fighting regarding the unlocking of iPhones. The DEA went to court to force Apple to unlock an iPhone involved in a drug case, and just lost. Again, the […]

Update on Apple vs the FBI

We wrote recently that Apple has refused the FBI’s request to create a new version of the iPhone’s operating system. The FBI wants a version of iOS that will allow the FBI to unlock the iPhone belonging to one of the San Bernardino shooters. They explain why here and here.

When the FBI obtained a court order, […]

Update on proposed UK “snooper’s charter”

Last year we looked at the United Kingdom’s draft Investigatory Powers Bill (known as the “snooper’s charter”), and criticized the requirement for vendors to install “back doors” into their software that governments could access to decrypt user data.

This would be costly for vendors to maintain, result in a significant security vulnerability, and drive users to […]

What is blockchain technology?

Blockchain technology is starting to get attention in banking circles, as its tremendous potential for banking transactions becomes apparent. It was invented by Satoshi Nakamoto (a nom de plume – his or her identity is unknown!) as the key technology comprising the Bitcoin crypto-currency system, first detailed here.

What is a blockchain? Put simply, it is a distributed ledger of transactions. Multiple copies exist at […]

