Tag Archive for Electronic Frontier Foundation

From http to https: New certificate authority for secure Web coming next year

Posted on November 19, 2014 by

letsencrypt

In a few months, there shall be a new certificate authority (CA) called ‘Let’s Encrypt’ that aims to clear the remaining roadblocks to the transition of Websites from http to https.

The  initiative is by the non-profit, Electronic Frontier Foundation (EFF). For this, the institution has got Mozilla, Cisco, Akamai, IdenTrust, & researchers at the University of Michigan together.

The announcement on the EFF Website explains the whole process. It says: Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP Website, you are always vulnerable to problems, including account hijacking and identity theft. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every Website is HTTPS by default.

The new CA will be launched in the summer of 2015. The Let’s Encrypt CA will automatically issue & manage free certificates for any Website that needs them. Switching a Web server from http to https with this CA will be as easy as issuing one command, or clicking one button.

EFF has expalined that the “biggest obstacle to https deployment” has been the complexity, bureaucracy, & cost of the certificates that was required.

“The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time,”says the announcement.

The Let’s Encrypt project will reduce setup time to 20-30 seconds. It will employ a number of new technologies to manage secure automated verification of domains & issuance of certificates. A protocol it is developing called ACME between Web servers & the CA, shall be deployed.

Image Credit: EFF

Advertising Message

Comments Off on From http to https: New certificate authority for secure Web coming next year Posted in Internet News

Most messaging apps & tools flunk this security best practises test

Posted on November 9, 2014 by

The Electronic Frontier Foundation is a unique org – it’s an NGO in the field of defending civil liberties in the digital world.

The Foundation has now spearheaded research & published a kinda score card on its outcome for Internet messaging services, indeed Online communication tools, including mobile apps to povide users a guide on which ones are really safe & secure.secure messaging appsThis scorecard represents only the 1st phase of the campaign. In later phases, the Foundation is planning to offer closer examinations of the usability & security of the tools that score the highest here.

(Warning: As such, the results in the scorecard should not be read as endorsements of individual tools or guarantees of their security; they are merely indications that the projects are on the right track.)

Most apps that were analyzed failed in 1 or multiple categories. Only the following came out with flying colors:

ChatSecure + Orbot (encrypted chat application for iPhone and Android)
Cryptocat (Available for iOS, Os X, and web browsers)
Signal (iOS only)
Silent Circle (available for Android and iOS)
Silent Text (available for Android and iOS)
TextSecure (Android)

The EFF, in collaboration with Julia Angwin at ProPublica & Joseph Bonneau at the Princeton Center for Information Technology Policy, have joined hands to launch a campaign for secure & usable crypto. As it spells it out on their Site: We are championing technologies that are strongly secure and also simple to use.

The Secure Messaging Scorecard examined dozens of messaging technologies & rated each of them on a range of security best practices. The campaign was focused on communication technologies — including chat clients, text messaging apps, email applications, & video calling technologies. These are the tools everyday users need to communicate with friends, family members, and colleagues.

For the survey, they also chose technologies that had a large user base–and thus a great deal of sensitive user communications–in addition to smaller companies that were pioneering advanced security practices.

If our readers wanna know further, click here to read up on this report.

 

Image Credit: EEF

 

Advertising Message

Comments Off on Most messaging apps & tools flunk this security best practises test Posted in Digital World News, Internet News, Social Media News
« Older Entries