ssl
Latest
The bootleg Nintendo Network replacement no longer requires jailbreaking
The Pretendo Network, an open-source Nintendo Network alternative, no longer requires a hacked Wii U console. With Nintendo’s servers for the obsolete console shutting down on Monday, the Pretendo Network shared a new workaround that provides limited access to its homebrew servers.
Spotify's podcast hosting service went down because of a lapsed security certificate
All shows hosted on Megaphone were unavailable for several hours due to the slip up.
A health-monitoring app for Olympic attendees reportedly has glaring security issues
Researchers said passport details, voice audio and other data are vulnerable in the MY2022 app.
SSL's UF8 DAW controller is a luxury in search of an audience
Solid State Logic’s UF8 gives your DAW's controls a physical incarnation. It’s not the first mixing controller, nor is it the cheapest, but it’s one of the more comprehensive.
SSL's UF8 adds physical controls to your virtual music studio
Solid State Logic’s UF8 gives you immediate access to eight tracks in your DAW (digital audio workstation) of choice — be that Ableton, Pro Tools or Logic complete with high-resolution faders for controlling you volume levels.
Microsoft Teams went down because of an expired certificate
This morning, Microsoft Teams went down for a few hours, and it seems that a pretty rookie mistake is to blame. Microsoft apparently forgot to renew the SSL certificate, which allows a secure connection between a web browser and a web server. As a result, the app told users that it failed to establish an HTTPS connection to Microsoft's servers.
Pro audio giant Solid State Logic makes a play for bedroom producers
Solid State Logic is a big name in the pro audio space, but it's entering a new category by serving a very different customer: the bedroom producer with a tight budget. Its first dedicated audio interfaces, the USB-based SSL 2 and 2+, aim to translate the company's technology and retro styling to personal recording scenarios where it's often down to just you and your devices. They both include two "class-leading" mic preamps with 24-bit/192kHz conversion, balanced monitor outputs, a simple monitor mix control and a "Legacy 4K" mode that adds the analog sound of the company's 4000-series consoles to your inputs. There's not much more than you likely need, but what's there may be above-board.
New York settles with Equifax and others over lax mobile app security
New York Attorney General Barbara Underwood announced that the state has reached settlements with five companies regarding a security vulnerability present on each of their mobile apps. Going forward, the companies -- Equifax, Western Union, Priceline, Spark Networks and Credit Sesame -- will be required to implement security programs aimed at protecting their customers' information.
Half of phishing sites trick you into thinking they're 'secure'
You can't assume that a site is honest because it has that "secure" padlock in the address bar, and PhishLabs just illustrated why. The anti-phishing company has determined that 49 percent of all known phishing sites used Secure Sockets Layer protection (and thus displayed the padlock) as of the third quarter of 2018. That's a sharp rise from 35 percent in the second quarter, and a steep climb from 25 percent a year earlier. They'll still try to trick you into handing over vital details -- it's just that their web traffic will be encrypted while they do it.
NASA picks for 'tipping point' space tech include Blue Origin and ULA
NASA's current administrator is rather fond of private spaceflight, and that's reflected in the agency's latest round of technology funding. The organization has forged ten partnerships that will develop "tipping point" tech promising to help both NASA's own missions as well as the "commercial space economy," including interplanetary exploration and satellites. Some of the names on the list are very familiar, and you'll find a couple of clear favorites.
The EFF wants to make email servers more secure
The Electronic Frontier Foundation (EFF) launched HTTPS-encryption initiative Let's Encrypt two years ago with Mozilla and Cisco. Now it's turning its attention to email servers with a new project called STARTTLS Everywhere, which aims to help server admins run STARTTLS emails servers properly. Because according to the EFF, most aren't.
Data-stealing router malware bypasses web encryption
A recently discovered strain of router malware appears to be much worse than thought. Cisco Talos has learned that VPNFilter can not only render devices unusable, but can bypass the SSL encryption you often see on the web. A module in the malware intercepts outgoing web requests to turn them into non-secure (that is, basic HTTP) requests, helping it steal sign-ins and other sensitive data when possible. It can also use man-in-the-middle attacks to insert hostile JavaScript into outside websites, and target devices beyond the router itself, such as PCs on the local network.
Increased encryption will help keep porn browsing private
Thanks to boosts in visibility when it comes to search and web browsers, you've probably noticed more websites (like Engadget) switching to HTTPS, which uses encryption to secure the connection between browser and server. Despite benefits to privacy and security most adult sites, even larger ones, haven't rolled it out across their domains, but the Washington Post points out there's a new industry push to change that.
Chrome will soon stop supporting weak SHA-1 certificates
Google hasn't had confidence in SHA-1's -- the algorithm used for encryption by most SSL certificates, which add the "s" to https:// -- ability to keep your info safe for a long time. Now, the company is determined to stop supporting it and has revealed when it plans to do so. According to Google's Online Security blog, Chrome version 48 (currently in beta) will show a message that says "Your connection is not private" starting early next year whenever it detects an SHA-1-based certificate issued on or after January 1st, 2016.
Plex gives your media server a secure connection
You probably don't think of your personal media server as a target for hackers and spies, but Plex isn't taking any chances. The company has started handing out free SSL security certificates to everyone using a media server, giving you an encrypted connection while you're picking a movie to watch or simply signing in. The feature works across devices, too -- you'll get the same locked-down link whether you're on your phone or the web. Support is live now on Android, Plex Home Theater, Roku players, Windows and the web, and it should land shortly on game consoles, iOS and smart TVs.
Researchers find another terrifying iOS flaw
It can't have escaped your attention that security experts have declared open season on Apple products over the last few weeks. At San Francisco's RSA conference, an even more terrifying exploit has been revealed that has the power to send your iPhone or iPad into a perpetual restart loop. Mobile security firm Skycure has discovered that iOS 8 has an innate vulnerability to SSL certificates that, when combined with another WiFi exploit, gives malicious types the ability to create "no iOS zones" that can render your smartphones and tablets unusable. Before you read on, grab a roll of tinfoil and start making a new case for your iPhone.
Wink has a fix ready for its busted smart home hubs
Over the last day Wink Hub smart home controllers were hit with a long outage that left many users disconnected for good and needing to return their units. Now, the company has worked out a solution that owners can apply themselves. Several people who were affected by the problem -- traced to an expired security certificate -- have already tried the fix on their devices and say it works. Ultimately, what owners will need to do is temporarily reconfigure the DNS setting on their router, which directs the Hub to a specially configured server where it can download an update that fixes the problem. Update: The directions are available now, check out the Wink support site here.
How could Lenovo miss its Superfish security hole?
Until mid-day yesterday Lenovo thought the biggest problem with Superfish VisualDiscovery was the annoying ads it caused to pop up on customers' laptops. SuperFish was supposed to analyze images on the web and "help" consumers find similar products, but the information security world was learning that it (apparently unintentionally) does quite a bit more. Facebook engineer Mike Shaver tweeted Wednesday night about how the preloaded adware performs a man-in-the-middle (MITM) attack on supposedly secure connections, and by Thursday morning security researcher Rob Graham showed how it could be used to spy on the encrypted communications of anyone running the software. At that point, Levono CTO Peter Hortensius still referred to resulting security problems as "thoretical" but moves today from Microsoft and the US government -- and his comments to us -- show that they've realized the threat is very real. Update: Lenovo has just released a Superfish removal tool. In an accompanying statement (included after the break), the company says it's also working with McAfee so that virus scanners will remove the software and its certificate.
Firefox's latest update makes Yahoo the default search option
That was fast. It was just two weeks ago that Mozilla announced a deal making Yahoo the default search engine in Firefox, and now you can download an updated version of the desktop web browser (Firefox 34) that uses Yahoo as its out-of-the-box search option in North America. The app thankfully won't override your existing choice if you're a veteran user, but it will ask once if you'd like to switch. Android users aren't seeing a similar change in search providers, although it's likely just a matter of time.
Tech companies want you to have free web encryption
Ideally, you'd encrypt everything you do on the web to keep it away from spies and thieves. However, getting a security certificate to enable that encryption on your own site can be both costly and difficult -- many people don't even bother. That's not good enough for the Electronic Frontier Foundation, so it's partnering with Mozilla, Cisco and other tech firms to launch Let's Encrypt, an authority that will hand out and manage free certificates for anyone that wants them. Besides eliminating the cost barrier, the effort will also scrap a lot of the bureaucracy and hard work that's normally involved -- all you'll have to do is run a program, which should take seconds.
