Bleeping Computer: Extended Validation (EV) Certificates Abused to Create Insanely Believable Phishing Sites

Bleeping Computer: Extended Validation (EV) Certificates Abused to Create Insanely Believable Phishing Sites. “New research published yesterday reveals that putting your trust in Extended Validation (‘EV’) SSL certificates will not safeguard you from phishing sites and online fraud.”

Wired: How To Encrypt All Of The Things

Wired: How To Encrypt All Of The Things. “CRYPTOGRAPHY WAS ONCE the realm of academics, intelligence services, and a few cypherpunk hobbyists who sought to break the monopoly on that science of secrecy. Today, the cypherpunks have won: Encryption is everywhere. It’s easier to use than ever before. And no amount of handwringing over its surveillance-flouting powers from an FBI director or attorney general has been able to change that.”

Ars Technica: Flaw crippling millions of crypto keys is worse than first disclosed

Ars Technica: Flaw crippling millions of crypto keys is worse than first disclosed. “A crippling flaw affecting millions—and possibly hundreds of millions—of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly canceled 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents.”

New York Times: The New York Times is Now Available as a Tor Onion Service

New York Times: The New York Times is Now Available as a Tor Onion Service. “The New York Times reports on stories all over the world, and our reporting is read by people around the world. Some readers choose to use Tor to access our journalism because they’re technically blocked from accessing our website; or because they worry about local network monitoring; or because they care about online privacy; or simply because that is the method that they prefer. The Times is dedicated to delivering quality, independent journalism, and our engineering team is committed to making sure that readers can access our journalism securely. This is why we are exploring ways to improve the experience of readers who use Tor to access our website.”

Neowin: More Chrome traffic is encrypted than ever before

Neowin: More Chrome traffic is encrypted than ever before. “Google has issued a new transparency report which details how much Chrome traffic is encrypted across different platforms. Some highlights from the data are that 64% of Chrome traffic on Android is now using HTTPS encryption compared to 42% a year ago, over 75% of Chrome traffic on ChromeOS and the Mac is now protected – that’s up from 67% and 60% respectively, and that 71 of the top 100 sites on the web now use HTTPS by default, up from 37 a year ago.”

ZDNet: Here’s every patch for KRACK Wi-Fi vulnerability available right now

ZDNet: Here’s every patch for KRACK Wi-Fi vulnerability available right now . “In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. Who’s on top of the game?”

Ars Technica: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Ars Technica: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping. “An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.”