TechCrunch: These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown

TechCrunch: These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown . “During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights up your browser with ‘HTTPS’ or flashes a padlock, had expired on many domains. And because so many federal workers have been sent home on unpaid leave — or worse, working without pay but trying to fill in for most of their furloughed department — expired certificates aren’t getting renewed. Renewing certificates doesn’t take much time or effort — sometimes just a click of a mouse. But some do cost money, and during a government shutdown, there isn’t any. Depending on the security level, most websites will kick back browser errors. Some won’t let you in at all until the expired certificate is renewed.”

CBR: US TLS Certificates Left to Die As 20th Day of Shutdown Passes

CBR: US TLS Certificates Left to Die As 20th Day of Shutdown Passes. “As 400,000 federal staff are furloughed and many received a pay check this week that had zero dollars in it, government employees are remaining at home, while essential staff are calling in sick in protest. This is causing the day-to-day maintenance and upkeep of department websites to lag into dangerous territory. It is estimated that over 80 websites with the .gov domain now have expired TLS certificates as no IT staff are currently being paid to maintain the .gov websites.”

Engadget: Signal says it can’t allow government access to users’ chats

Engadget: Signal says it can’t allow government access to users’ chats. “Last week, the Australian government passed the country’s controversial Access and Assistance Bill 2018 into law, legislation that allows government agencies to demand access to encrypted communications. Companies that don’t comply with the new law could face fines of up to AU$10 million ($7.3 million). A number of companies that stand to be affected have spoken out about the legislation, and Signal has now joined in, explaining that it won’t be able to fulfill such requests if asked.”

TechCrunch: Australia passes ‘dangerous’ anti-encryption law after bipartisan compromise

TechCrunch: Australia passes ‘dangerous’ anti-encryption law after bipartisan compromise. “Australia’s controversial anti-encryption bill is one step closer to becoming law, after the two leading but sparring party political giants struck a deal to pass the legislation. The bill, in short, grants Australian police greater powers to issue ‘technical notices’ — a nice way of forcing companies — even websites — operating in Australia to help the government hack, implant malware, undermine encryption or insert backdoors at the behest of the government.”

The Register: Sorry, we haven’t ACLU what happened in sealed ‘Facebook decryption’ case, but let’s find out

The Register: Sorry, we haven’t ACLU what happened in sealed ‘Facebook decryption’ case, but let’s find out. “The American Civil Liberties Union (ACLU) has filed a motion to find out what went on in a court case in which the US Department of Justice allegedly tried to make Facebook give it unencrypted access to Messenger calls.”

Krebs on Security: Half of all Phishing Sites Now Have the Padlock

Krebs on Security: Half of all Phishing Sites Now Have the Padlock. “Maybe you were once advised to ‘look for the padlock’ as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.”

Ars Technica: Google adds always-on VPN to its Project Fi cellular service

Ars Technica: Google adds always-on VPN to its Project Fi cellular service. “Today, Google announced a new feature for its Project Fi cellular service: an always-on VPN. Project Fi’s VPN previously was used to encrypt traffic while connecting to a network of free public Wi-Fi hotspots, but now Google will enable the VPN for all your traffic, be it over the LTE service or a Wi-Fi connection.”