Tag Archives: Security

HTTP/2 and TLS

Speaking of nosy Parkers, the Open Web Alliance is annoyed that HTTP/2 will make it harder for them to spy on you and is lobbying against mandatory encryption in HTTP/2. Sadly, they've won the first round. The Open Web Alliance … Continue reading

Posted in General | Tagged , | Leave a comment

The Difference Between Malware and Adware

Infosec Taylor Swift has a clarification for Lenovo, other computer manufacturers, and the journalists who report on them: Journalists: "Adware" is malware with a legal team. — InfoSec Taylor Swift (@SwiftOnSecurity) February 19, 2015

Posted in General | Tagged | Leave a comment

Do As I Say...

An almost too delicious piece of hypocrisy.

Posted in General | Tagged , | Leave a comment

What Happens When You Build In Backdoors?

They end up biting you in the butt. Matt Green's post is a nice explanation of the FREAK exploit. You can read his post for the technical details, which, really, aren't that interesting except that they show how making it … Continue reading

Posted in General | Tagged , | Leave a comment

Just When You Thought It Couldn't Get Worse

What could make the Lenovo/SuperFish scandal worse than it already is? This could: .@iblametom @Forbes @kristamonster May I rephrase? “$250,000 is all it takes for Lenovo to sell its customers out.” — Reginald Braithwaite (@raganwald) February 27, 2015 If true and … Continue reading

Posted in General | Tagged , | Leave a comment

And So It Begins

The lawyers will be happy.

Posted in General | Tagged , | Leave a comment

Everybody Wants Ta Get Inta Da Act

Apologies to Jimmy Durante but everyone, it seems, is waging man-in-the-middle attacks. The latest perpetrator is the provider of in-flight WiFi, Gogo. Google security engineer Adrienne Porter Felt, while on a flight, discovered that Gogo was serving up fake SSL … Continue reading

Posted in General | Tagged , | Leave a comment

Lenovo Denies Security Problems

It's infuriating that Lenovo continues to deny that SuperFish is a security threat. They keep saying that they've stopped installing it but that in any case SuperFish didn't collect or store any private information. Doubtless that's true but it's a … Continue reading

Posted in General | Tagged , | Leave a comment

MITM Coming to a Job Near You

Just in case you think that man-in-the-middle attacks are just for the victims of Lenovo's shenanigans, there's this .@mountain_ghosts Such as this lovely device, which goes by the Orwellian name of an "SSL Visibility Appliance": https://t.co/TEmLfOTZnt — Nick Stenning (@nickstenning) … Continue reading

Posted in General | Tagged , | Leave a comment

Lenovo

You've almost certainly heard about the astoundingly stupid actions on the part of Lenovo. Forget about the security implications for a minute. What this boils down to is that Lenovo sold out their customers for a few pieces of silver … Continue reading

Posted in General | Tagged , | Leave a comment