Tag Archive for: encrypt

Amid pressure, Zoom will end-to-end encrypt all calls, free or paid

/in
Stylized photo of a computer screen with the image of a padlock.

Enlarge (credit: Yuri Samoilov Follow / Flickr)

Under pressure from privacy and human rights advocates, Zoom said on Wednesday that it will make end-to-end encryption available to both paying and non-paying users of its video conferencing service.

Previously, Zoom said it would provide end-to-end encryption to paying customers and a less-robust form of encryption, known as transit encryption, to non-paying customers. Zoom said the two-tier offering would allow law enforcement to regulate illicit content coming from users who don’t have accounts and, hence, are harder to track. Paying users, by contrast, had more traceability and, hence, were less likely to use the platform for illegal purposes.

Critics in privacy and human rights circles said the Zoom plans threatened to make privacy a premium feature rather than something that’s available by default. The critics called on Zoom to provide the same protections for all users.

Read 7 remaining paragraphs | Comments

Biz & IT – Ars Technica

Let’s Encrypt discovers CAA bug, must revoke customer certificates

/in
Unfortunately, most if not all Let's Encrypt users will need to manually force-renew their certificates before Wednesday. It's at least an easy process.

Enlarge / Unfortunately, most if not all Let’s Encrypt users will need to manually force-renew their certificates before Wednesday. It’s at least an easy process. (credit: Adobe)

On Leap Day, Let’s Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.

The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain’s DNS should prohibit it. As a result, Let’s Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can’t be certain are legitimate, saying:

Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you’ll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you’re not able to renew your certificate by March 4, the date we are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate.

Let’s Encrypt uses Certificate Authority software called Boulder. Typically, a Web server that services many separate domain names and uses Let’s Encrypt to secure them receives a single LE certificate that covers all domain names used by the server rather than a separate cert for each individual domain.

Read 6 remaining paragraphs | Comments

Biz & IT – Ars Technica

Let’s Encrypt issues one-billionth web security certificate

/in

It wasn’t that long ago that most websites weren’t secured with Transport Layer Security (TLS) encryption. You could tell because the sites started with HTTP instead of HTTPS. Today, 81% of web pages …
internet security – read more

Internet security borne out of collaboration between Princeton and Let’s Encrypt – Princeton University

/in

Internet security borne out of collaboration between Princeton and Let’s Encrypt  Princeton University
“internet security news” – read more