Facebook farewells flaky SHA-1

Facebook has set the date: on September 30, the ancient and creaking SHA-1 hashing algorithm will make its tumbril trip and get the chop. SHA-1, designed by the NSA in 1995, is a one-way algorithm: a block of data is turned into a message digest. The digest can’t be turned back into the original message,…

Read More

June 5, 2015 | by

Firefox switching to encrypted Google search

The H-Online: An inconspicuous “s” added to various ‚Äčlines of code in its latest nightly builds means that future versions of Firefox will send all search queries to Google in encrypted form. This means that instead of HTTP, the open source browser will use the HTTPS protocol, which encrypts traffic between the web site and…

Read More

March 22, 2012 | by

Google is globally switching its search to HTTPS by default

The H-Online: Google has announced on its Inside Search blog that it is enabling SSL encryption by default on its global search pages. The US site Google.com has been switching users to the secured HTTPS protocol since last year and now, to improve security and privacy for all its users, the company is rolling the…

Read More

March 9, 2012 | by

HTTPS Everywhere reaches 2.0, comes to Chrome as beta

H-Online: Version 2.0 of the HTTPS Everywhere browser extension has been released. Where possible, the add-on automatically redirects users to more secure HTTPS connections when they access certain web pages. HTTPS Everywhere 2.0 includes an optional “Decentralised SSL Observatory” feature that detects weaknesses in encryption. When the extension detects an encryption issue, such as weak…

Read More

March 1, 2012 | by

Twitter enables HTTPS for all signed-in users

The H-Online: Twitter has announced that it has now enabled HTTPS by default for all users signed into the micro-blogging service. By using HTTPS, all user information including log-in credentials transmitted to the company’s servers are sent using SSL encryption. This means that all data is transmitted in encrypted form and can no longer be…

Read More

February 15, 2012 | by

An update on attempted man-in-the-middle attacks

Google: Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and…

Read More

August 31, 2011 | by