Https

7 results arranged by date

Blog   |   Internet, Security

When it comes to Great Firewall attacks, HTTPS is greatest defense

An Internet café in Beijing. Attacks that appear to have been mediated by China's censors against GitHub, a software site vital to Chinese developers, demonstrate the importance of HTTPS in protecting against censorship. (Reuters/Jason Lee)

The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site's universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt to persuade the site to remove certain content. Security researchers including Robert Graham and Insight Labs analyzed the latest GitHub attack, concluding that it appears to have been mediated by China's "great firewall" censorship system.

April 8, 2015 2:03 PM ET

Tags:

Blog   |   China, Internet, Security

China's CNNIC issues false certificates in serious breach of crypto trust

Google's landing page for China is viewed on a laptop in Hong Kong. False credentials were issued for Google and other domains by Chinese digital certificate company CNNIC. (AFP/Frederic J. Brown)

In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and published on its security blog on March 23. Despite this serious lapse, it appears CNNIC's authority will not be revoked, and that its credentials will continue to be trusted by almost all computers around the world.

Blog   |   Internet

'Spear phishing' attacks underscore necessity of digital vigilance

The revelation that the FBI sent a fake Associated Press story containing malware to a teenager suspected of making bomb threats has brought "spear phishing" back into the public consciousness. The technique, which combines malicious software with social cues tailored to the target, has been used by state and non-state actors to attack journalists and rights advocates, including the Committee to Protect Journalists. Spear phishing can be devastatingly effective, but there are simple steps journalists can take to protect their work, themselves, and their sources.

Blog   |   Internet, Iran

Farsi guides to the surveillance attack in Iran

As we've reported before, there's strong evidence that forces with widespread access to Iran's internet infrastructure have been engaged in large-scale surveillance of https traffic in July and August, certainly of Google traffic, and perhaps many more websites, including Facebook and Yahoo!

If you used the Internet in Iran during this period you should, at the very least, change your passwords, and log out, then log back into, any services you use.

A fuller explanation of what happened, and what to do about, written in Farsi, is available from Google's Persian Blog. "DigicomV" on YouTube has also posted some Farsi-language videos explaining the attack.

Thanks to Katrin at MobileActive for these links.

September 16, 2011 4:23 PM ET

Tags:

Blog   |   Internet, Iran

Catching the Internet's spies in Iran and elsewhere

In August, Google introduced a new, if rather obscure, security feature to its Chrome web browser, designed to be triggered only under extreme circumstances.

If you were talking to Google's servers using the web's secure "https" protocol, your browser makes a number of checks to ensure that you are really talking to Google's servers. Like an overly obsessive bouncer, the new code double-checks the identity of any supposed Google site against a Chrome-only list of valid Google identities hardwired into the browser.

September 1, 2011 10:34 AM ET

Tags:

Blog   |   Internet, USA

Google+ for journalists at risk

A Google developers conference in May. (Reuters/Beck Diefenbach)

When they're creating new features, software designers talk in terms of "use cases." A use case describes steps that future customers might perform with a website. "Starting a group with friends," would be a use case for Facebook. "Buying a book" would be case for Amazon's designers. 

Blog   |   Internet, Syria

Syrian Facebook: Low-tech threats and high-tech scrutiny

Journalists and online news-gatherers have been struggling to collect and distribute high-quality information about recent events in Syria. Foreign journalists have been turned away at the border; local online reporters have been detained. The quality of Internet and mobile phone connectivity has been extremely variable, with reports of Net and phone connections being cut off in selective areas, such as Deraa and Douma. The Wall Street Journal reported blocks on social-networking sites, and CPJ has received reports of consistent slowdowns of home Internet services such as Skype and Google Mail.

May 6, 2011 4:58 PM ET

Tags:

7 results