More than 11 million HTTPS websites imperiled by new decryption attack

Low-cost DROWN attack decrypts data in hours, works against TLS e-mail servers, too.
Source: Ars Technica - Read the full article. Read more

Posted in Web Security. Tagged as hacking, security.

The Tor network and your security.

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

Top-secret NSA documents, disclosed by whistleblower Edward Snowden, reveal that the agency's current successes against Tor rely on identifying users and then attacking vulnerable software on their computers. One technique developed by the agency targeted the Firefox web browser used with Tor, giving the agency full control over targets' computers, including access to files, all keystrokes and all online activity.

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled 'Tor Stinks', states: "We will never be able to de-anonymize all Tor users all the time." It continues: "With manual analysis we can de-anonymize a very small fraction of Tor users," Read more

Posted in Online Security. Tagged as privacy, security.