SSL and internet security news – Page 4 – Informations about SSL certificates and networks security

Digital Threat Modeling Under Authoritarianism

September 26, 2025 infossl

computer security, encryption, privacy, Security technology, threat models, Uncategorized

Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an … Read More “Digital Threat Modeling Under Authoritarianism” »

Malicious-Looking URL Creation Service

September 25, 2025 infossl

phishing, Security technology, spoofing, Uncategorized

This site turns your URL into something sketchy-looking. For example, www.schneier.com becomes https://cheap-bitcoin.online/firewall-snatcher/cipher-injector/phishing_sniffer_tool.html?form=inject&host=spoof&id=bb1bc121&parameter=inject&payload=%28function%28%29%7B+return+%27+hi+%27.trim%28%29%3B+%7D%29%28%29%3B&port=spoof. Found on Boing Boing. Powered by WPeMatico

US Disrupts Massive Cell Phone Array in New York

September 24, 2025 infossl

cell phones, cyberattack, denial of service, infrastructure, Security technology, telecom, Uncategorized

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that … Read More “US Disrupts Massive Cell Phone Array in New York” »

Apple’s New Memory Integrity Enforcement

September 23, 2025 infossl

apple, cybersecurity, hardware, integrity, Security technology, Uncategorized, vulnerabilities

Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious … Read More “Apple’s New Memory Integrity Enforcement” »

Details About Chinese Surveillance and Propaganda Companies

September 22, 2025 infossl

censorship, china, leaks, privacy, propaganda, Security technology, surveillance, Uncategorized

Details from leaked documents: While people often look at China’s Great Firewall as a single, all-powerful government system unique to China, the actual process of developing and maintaining it works the same way as surveillance technology in the West. Geedge collaborates with academic institutions on research and development, adapts its business strategy to fit different … Read More “Details About Chinese Surveillance and Propaganda Companies” »

Friday Squid Blogging: Giant Squid vs. Blue Whale

September 19, 2025 infossl

Security technology, squid, Uncategorized

A comparison aimed at kids. Powered by WPeMatico

Surveying the Global Spyware Market

September 19, 2025 infossl

reports, Security technology, spyware, Uncategorized

The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.” Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample … Read More “Surveying the Global Spyware Market” »

Time-of-Check Time-of-Use Attacks Against LLMs

September 18, 2025 infossl

academic papers, cyberattack, LLM, Security technology, Uncategorized, vulnerabilities

This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data … Read More “Time-of-Check Time-of-Use Attacks Against LLMs” »

Microsoft Still Uses RC4

September 16, 2025 infossl

algorithms, microsoft, ransomware, RC4, Security technology, Uncategorized

Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system. Powered by WPeMatico

Lawsuit About WhatsApp Security

September 15, 2025 infossl

facebook, Security technology, Uncategorized, vulnerabilities, whatsapp, whistleblowers

Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in 2002, said that in … Read More “Lawsuit About WhatsApp Security” »