linux – Page 2 – SSL and internet security news

Cryptkeeper Bug

February 7, 2017 infossl

backdoors, encryption, linux, Security technology, securityengineering

The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key “p” decrypts everything: The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper … Read More “Cryptkeeper Bug” »

Firefox Removing Battery Status API

November 7, 2016 infossl

academicpapers, browsers, firefox, identification, linux, privacy, Security technology, tracking

Firefox is removing the battery status API, citing privacy concerns. Here’s the paper that described those concerns: Abstract. We highlight privacy risks associated with the HTML5 Battery Status API. We put special focus on its implementation in the Firefox browser. Our study shows that websites can discover the capacity of users’ batteries by exploiting the … Read More “Firefox Removing Battery Status API” »