There are certain websites that you expect to be secure. The NSA’s and FBI’s sites, for example, or any shopping site you enter your credit card information on. They say HTTPS, and they show a lock, so they’re fine, right? Wrong. A team of researchers this week has announced the finding of a flaw they’re calling FREAK. It interferes with that encryption and makes some sites vulnerable — and it’s everywhere. Not just on laptop and desktop computers, but also on mobile phones and tables. Here’s what you need to know. [More]
Last week, the world collectively freaked out when we learned that Samsung’s smart TVs can take things that we say in our living rooms and uploads them to a third-party transcription service. The gadget-maker tried to calm us all down by explaining how the service works, but there’s a problem: people may have assumed that data is encrypted. It’s not. [More]
Broadband and mobile companies are happy to claim that we don’t need new rules to protect net neutrality, because even without rules in place, they’ve never blocked traffic in any harmful way and don’t particularly want to in the future either. However, one internet business says they have proof it happens — and the way the ISPs are doing it can have a huge effect not only on the quality of internet traffic, but on the safety of it, too. [More]
While most major services you use like Facebook, Google, Yahoo, Twitter and others have likely (and hopefully) patched up any security holes at risk from the Heartbleed bug, U.S. regulators are warning banks to update their systems as well, and quickly. [More]
If security is a blanket, Yahoo is trying to roll itself up in more layers of that blanket to make a nice little cocoon for its users, designed to keep the government and others from snooping. Following Google’s recent new security measures, Yahoo says it’s also completed a new system that encrypts all info going from one Yahoo data center to another. [More]
A glitch at AT&T is causing some mobile phone used to be randomly shuffled into other people’s Facebook accounts. Apparently the carrier has confused which phones should be logged into which accounts. Whoops. [More]
If you’re a gadgetophile like me, you love firmware updates because it’s like giving your smartphone, camera, or other mp3 player a mini-makeover. If you’re normal, however, don’t rush into it—the best thing to do is wait a bit and see what problems are reported from the front line. Take for instance this issue between 3G iPhones and Exchange servers, which no longer play well with each other after yesterday’s 3.1 iPhone OS upgrade.
This fall, credit card processors will being rolling out a new approach to preventing data theft, based on the assumption that it’s impossible to thwart every attack. Instead of keeping 100% of criminals out, they’ll segment and encrypt the data into such small chunks that it will no longer be a cost-effective crime.
Gmail recently rolled out a change to its settings, where now you can permanently turn on SSL encryption. Do it now—your personal data will thank you for it. Besides, it’s going to get a lot easier to hack Gmail sessions very soon, because some guy is planning on releasing a hacking tool to the public in order to force Google to implement better security. [monkey_bites]