Items tagged with HTTPS

At the behest of President Obama, Federal Chief Information Officer Tony Scott yesterday issued Memorandum M-15-13 calling for the provision of government service for all Federal websites via HTTPS (Hypertext Transfer Protocol Secure). The HTTPS standard was described by the American Civil Liberties Union (ACLU) as a "great first step", this despite it being written off as a "top-down solution" by a database administrator for NASA. Memorandum M-15-13 explicitly states that "All browsing activity should be considered private and sensitive." It also provides guidance to...
After taking heavy fire in a California court from plaintiffs who contend its Gmail data mining practices within Google Apps for Education are illegal, Google is changing its practices so that it’s not possible to scan those users’ emails for advertising purposes. Further, “We’ve permanently removed the ‘enable/disable’ toggle for ads in the Apps for Education Administrator console,” wrote Google for Education’s Bram Bout. “This means ads in Apps for Education services are turned off and administrators no longer have the option or ability to...
Terrible news, everyone: There’s a coding error in the OpenSSL cryptographic software library that allows anyone with the right tools and a little know-how to access secret encryption keys, usernames, passwords, and even content on sites using OpenSSL for protection. That includes roughly two-thirds of the Internet’s web servers, according to Ars Technica. The problem with the so-called Heartbleed bug is that there’s a missing bounds check. “By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its...
Security researcher Carlos Reventlov discovered a vulnerability in Instagram version 3.1.2 on the iPhone 4 (iOS 6) that leaves users’ Instagram accounts open to attacks. Specifically, users are at risk for partial eavesdropping and man-in-the-middle attacks that a ne’er-do-well could use to delete photos or even take over a user’s account and download private photos. Instagram’s login and profile data are sent via a secure HTTPS connection, but other requests are sent through plain ol’ HTTP that uses only an unencrypted cookie for authentication. If an attacker is...