Here is our latest news roundup of articles about network and SSL security. Click here to see the whole series.
SSL & Encryption News
- Google Chrome 40 was released on January 23, which means we’re only one version away from the deprecation of SHA-1, which is scheduled for version 41.
- Mozilla Firefox announced that it will soon stop trusting 1024-bit SSL root certificates.
- DigiCert’s CT log was approved and will be included in Google Chrome in February. DigiCert is the first and currently only Certificate Authority approved to operate a Certificate Transparency log.
Data Security
- Ladar Levison, founder of the now-defunct Lavabit email service, is working on a new email project that encrypts all emails by default.
- Gogo in-flight Internet sets up man-in-the-middle attacks with fake SSL Certificates.
- 2014 was fraught with data breaches, but the upside could be more funds for better data security.
- President Obama’s State of the Union address brings cybersecurity into the national spotlight (the full transcript can be found here).
- Missed the kick-off for Data Privacy Day? Watch it here.
- Federal Trade Commission discusses the Internet of Things, its benefits and risks, and efforts to secure it.
Vulnerabilities
- Four updates released by OpenSSL fix multiple moderate- to low-risk vulnerabilities.
- Microsoft announced that they will be disabling SSL 3.0 in Azure storage on February 20, 2015.
- Nineteen major vulnerabilities found in Java are addressed with Oracle’s new updates; the updates also disable SSL 3.0 by default.
- Qualys discovered a major vulnerability in Linux systems known as the GHOST attack. GHOST allows an attacker access to a system without needing system credentials.
- Adobe released patches for two zero-day vulnerabilities found in the Adobe Flash Player.
Malware
- A new variation of CTB-Locker ransomware, disguised as a fax, tricks thousands in South America and Eastern Europe.
Data Breaches
- Topface, a dating site, suffered a data breach, resulting in 20 million usernames and email addresses being stolen.