The Intercept: NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet

The Intercept: NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet. “In early December 2016, Adam was doing what he’s always doing, somewhere between hobby and profession: looking for things that are on the internet that shouldn’t be. That week, he came across a server inside New York University’s famed Institute for Mathematics and Advanced Supercomputing, headed by the brilliant Chudnovsky brothers, David and Gregory. The server appeared to be an internet-connected backup drive. But instead of being filled with family photos and spreadsheets, this drive held confidential information on an advanced code-breaking machine that had never before been described in public. Dozens of documents spanning hundreds of pages detailed the project, a joint supercomputing initiative administered by NYU, the Department of Defense, and IBM. And they were available for the entire world to download.”

CBR: Symantec dealt major blow as Google loses trust in security certificates

CBR: Symantec dealt major blow as Google loses trust in security certificates. “Google are aiming to boost the confidence of Chrome users with engineers announcing plans to reduce trust in Symantec certificates. This gradual shift is set to reach a point in early 2018 when Chrome 64 will only trust certificates that are issued from Symantec for 279 days or less. The scale of the misissuance by Symantec has exploded from an initial 127 certificates under scrutiny, to a figure noted as at least 30,000.”

WIRED: After 3 Years, Why Gmail’s End-to-End Encryption Is Still Vapor

WIRED: After 3 Years, Why Gmail’s End-to-End Encryption Is Still Vapor. “Nearly three years have passed since Google announced it would offer an end-to-end encryption add-on for Gmail, a potentially massive shift in the privacy options of a piece of software used by more than a billion people. It still hasn’t materialized. And while Google insists its encryption plugin isn’t vaporware, the company’s latest move has left critics with the distinct impression that Gmail’s end-to-end encrypted future looks cloudy at best—if not altogether evaporated.”

PC World: Google’s Collision Shakes Up Computer Cryptography

PC Magazine: Google’s Collision Shakes Up Computer Cryptography. “after years of trying, Google found a way to crack the SHA-1 cryptographic hash function, a security building block that enables digital signatures and HTTPS encryption. Cracking SHA-1 requires creating a cryptographic hash collision, which is essentially when a single hash, or ‘digest’ applies to two different files.”

Washington Post: Here’s why your browser may tell you the White House website isn’t secure

The security certificate for WhiteHouse.gov is apparently invalid at this writing. “Experts told the Post that the messages are appearing because the site’s security certificate — or, very simply put, the thing that verifies that a site is what it says it is — isn’t valid. It appears the White House’s equipment isn’t configured correctly, and the old certificate was revoked or allowed to expire without getting replaced, said Kenneth White of the Open Crypto Audit project, a nonprofit dedicated to improving cybersecurity. There are perhaps hundreds of pieces of equipment and servers that need to be just right to keep the White House site up and running correctly, so it’s easy to miss something, he said.”