ssl

How to secure Yahoo Mail Web sessions with SSL

Using SSL encryption with Web-based e-mail services offers enhanced security over snooping, especially when connected over public Wi-Fi networks (think McDonald's, Starbucks, or the public library).

Gmail blazed the SSL path for Web-based e-mail several years ago and Hotmail followed suit, but Yahoo offered SSL only for logins, not the entire session. If you're a Yahoo Mail user, you'll be happy to know that SSL is now supported for the entire e-mail session. Here's how to turn on SSL for your Yahoo Mail account:

Step 1: Go to the gear icon in the upper right-hand corner and … Read more

Fixing Parental Controls problem in OS X 10.8.2

After updating to OS X 10.8.2, a number of people who use Apple's Parental Controls feature have reported that it is rejecting all Web sites that use the secure HTTPS protocol, which can include financial and educational sites, but also some popular commercial sites like Google.

Parental Controls allows an administrator to set time limits and content filters for a specific user account, including restrictions on Web access. Since secured Web sites that use the HTTPS protocol cannot be properly examined for approval by this service, when site filtering is enabled they are blocked by default and … Read more

New attack tool targets Web servers using secure connections

Hackers have released a program they assert will allow a single computer to take down a Web server using a secure connection.

The THC-SSL-DOS tool, which was released today, purportedly exploits a flaw in Secure Sockets Layer (SSL) renegotiation protocol by overwhelming the system with multiple requests for secure connections. SSL renegotiation allows Web sites to create a new security key over an already established SSL connection.

A German group known as Hackers Choice said it released the exploit to bring attention to flaws in SSL, which allows sensitive data to flow between Web sites and an individual user's … Read more

Google offers encrypted Web search by default

Google announced today that it will encrypt by default Web searches and results for users who are signed in.

People who don't have a Google account or are signed out can go directly to https://www.google.com, the company said in a blog post.

Encrypting the communications between an end user and the Google search engine servers will protect against snooping by anyone who might be sniffing on an unsecured Wi-Fi network, for instance. Secure Sockets Layer (SSL) is available now for Web search, image search and all the search modes except for Maps, Google said in this … Read more

Browsers tackle the 'BEAST' Web security problem

Browser makers are devising ways to protect people from a security protocol weakness that could let an attacker eavesdrop on or hijack protected Internet sessions. Potential solutions include a Mozilla option to disable Java in Firefox.

The problem--considered theoretical until a demonstration by researchers Juliano Rizzo and Thai Duong at a security conference in Argentina last week--is a vulnerability in SSL (Secure Sockets Layer) and TLS (Transport Layer Security) 1.0, encryption protocols used to secure Web sites that are accessed using HTTPS (Secure Hypertext Transfer Protocol).

The researchers created software called BEAST (Browser Exploit Against SSL/TLS) that can … Read more

DigiNotar files for bankruptcy

Dutch certificate authority DigiNotar is closing up shop following a recent hacking attack that caused it to issue a series of phony online security certificates.

Parent company Vasco announced the bankruptcy filing yesterday, explaining that a trustee will work with the court as DigiNotar goes through the bankruptcy process.

Vasco is also currently analyzing the extent of the damage caused by the cyberattack.

"We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible," Cliff Bown, Vasco's … Read more

Google opens Wallet

The owner of the Qwikster Twitter handle is banking on selling it to Netflix, Verizon unveils a $99 4G LTE capable smartphone, and Google Wallet finally launches with support only on Sprint's Nexus S 4G phone so far.

Links from Tuesday's episode of Loaded:

Google Wallet launches; Qwikster Twitter account owner wants cash; Dish Networks to unveil BlockBuster streaming; $99 Verizon 4G LTE phone; Researchers discover HTTPS security hole; OS X Lion vulnerable to local users

Comodohacker: I can issue fake Windows updates

Following his recent attack against Dutch security company DigiNotar, the hacker known as Comodohacker is now threatening to exploit Microsoft's Windows Update service.

In another message posted on Pastebin last week touting his cyberattacks, the infamous hacker claims that he's able to issue phony Windows updates despite Microsoft's assertion to the contrary.

"I'm able to issue Windows update--Microsoft's statement about Windows Update and that I can't issue such update is totally false," proclaimed Comodohacker. "I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL which includes URL, KB … Read more

Google tells users in Iran to change their passwords

Google is telling people in Iran to change their passwords and take other security precautions in the wake of an Internet attack in which the google.com domain was spoofed.

"We learned last week that the compromise of a Dutch company involved with verifying the authenticity of websites could have put the Internet communications of many Iranians at risk, including their Gmail," Eric Grosse, Google's vice president of security engineering, wrote in a blog post last night.

"While Google's internal systems were not compromised, we are directly contacting possibly affected users and providing similar information … Read more

Second firm stops issuing digital certificates

A second company that provides digital certificates used to authenticate Web sites won't be issuing them while it investigates whether it has been compromised as a hacker has claimed.

A hacker who goes by the alias "Ich Sun" has taken responsibility for a recent breach at Dutch certificate authority DigiNotar that resulted in more than 500 SSL (Secure Sockets Layer) certificates being fraudulently issued, including one that was used to spoof Google.com.

The self-proclaimed Iranian patriot, who was behind a hack on certificate authority Comodo this spring, says he has hacked four or more certificate authorities, … Read more