Half of all Phishing Sites Now Have the Padlock

We used to believe that a padlock shown in a web browser’s address bar meant that we were connected to a safe and secure web site. That’s no longer true. In fact, it never was completely true.

The padlock is shown when a web site has a security certificate installed and the connection is made using an encrypted “https” connection.

(The letter “S” after “http” indicates a “secure” connection.) In fact, an https connection has some arguable drawbacks. Mainly, there’s virtually no barrier to anyone obtaining an HTTPS certificate, which has made it attractive for criminal groups hoping to add an air of authenticity to bogus sites. That little green padlock guarantees that the data you send is encrypted, but not that the person on the receiving end has scruples.


California Governor Brown Signs Net Neutrality Bill into Law and Almost Immediately the US Department of Justice Files Suit

From the IAJGS Mailing List:

On Sunday, September 30, the last day the Governor had to sign bills, Governor Jerry Brown signed SB 822, the Net Neutrality Bill, and almost immediately the US Department of Justice filed suit to overturn the law. The California legislation would have reinstated the Obama-era open internet rules in the state. It is considered the strongest of net-neutrality provisions, and it was passed on a bi-partisan basis. The law forbids internet service providers from blocking websites, intentionally slowing down a website or app or accepting payments to make online services go faster and more.

US Attorney General Jeff Sessions said the federal government, not the states, should oversee the Internet. He said California had “enacted an extreme and illegal state law attempting to frustrate federal policy.”

California Attorney General Xavier Becerra said the state “will not allow a handful of power brokers to dictate sources of information or the speed at which websites load.”


Equifax Slapped With UK’s Maximum Penalty Over 2017 Data Breach

Equifax (which was mentioned often in this blog) has finally had its hands slapped. Unfortunately, the fine is for only £500,000 ($661,825 US dollars), which is pocket change for a company the size of Equifax. The Equifax accountants will probably record it as a petty cash expenditure.

You can read more about the fine and the reasons for it in an article by Natasha Lomas in the TechCrunch blog at: https://tcrn.ch/2DiWFZJ.

Why Any Backdoor Would Be a Threat to Online Security

At regular intervals, politicians demand that companies add backdoors to their end-to-end encrypted cloud services to enable law enforcement to prosecute criminals more easily. This demand ignores that any backdoor to encryption poses a severe threat to online security in general. An article in the Tutanota Blog explains why a backdoor is – and will always be – a stupid idea.

Check it out at: https://tutanota.com/blog/posts/why-a-backdoor-is-a-security-risk.

ProtonMail Hits 5 Million Accounts and Wants Users to Ditch Google by 2021

ProtonMail, the Geneva, Switzerland-based encrypted email service, “wants you to be able to completely de-Google-fy your life,” according to CEO Andy Yen. “Come to ProtonMail, and have all the features, plus the security and the privacy that Google doesn’t provide you. So, that’s our long-term vision.”

ProtonMail is primarily different from your free email — Gmail, Yahoo!, etc. — because it encrypts your messages and can’t scrape them for data. That encryption also protects them from being read by third parties if you send an email from your ProtonMail account to another ProtonMail user. But what about encrypted docs, spreadsheets, and slideshow presentations? That’s coming, too, Yen says.