Security Roundup - The Beginning

Google To Start Penalizing SHA1 Certificates

Interesting to note:

  • They are penalizing ones that are issued after January 1st, as these were not supposed to be issued.
  • Also plan to start penalizing if intermediate certificates are still use SHA1.
  • Potential to treat them all as untrusted as early as July 1st, 2016

Real World Cryptography Conference 2016

Kicked off yesterday, and has some interesting sounding sessions, including several talks about TLS.

Dutch Government Supports Encryption, Against Backdoors meanwhile China Uses US Encryption Fight to Pass Backdoor Legislation

Want Access To A Physical Linux Machine? Press Backspace 28 Times

GRUB2 Authentication Bug that was in the wild from December 2009

Hacking Blame Game

Interesting article on knee-jerk attribution of hacks.

‘We Take Your Security Seriously’

The apologetic cry of breached companies everywhere.

Written on January 1, 2016