Safari soon won’t accept HTTPS certificates longer than 13 months

Apple announced during last week’s CA/Browser Forum that Safari will soon reject any HTTPS certificate whose validity period is longer than 13 months.

The CA/Browser Forum is a voluntary consortium that began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to web users about the sites they visit.

HTTPS certificates, using TLS encryption, help to ensure the sites a user visits are safe and legitimate....

Linux Foundation and LISH publish latest open-source census with suggestions to boost security

The latest open-source census has been published by the Linux Foundation and Laboratory for Innovation Science at Harvard University (LISH) with some interesting observations.

Now in its second edition, the census examines the current state of open-source software. The latest report, catchily titled “Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software,” focuses on common Free and Open Source Software (FOSS) used in production...

SoundCloud repairs API-related security snafus after Checkmarx research

Online audio distribution platform and music sharing website SoundCloud has fixed several security vulnerabilities affecting its API that could have otherwise resulted in hackers taking over accounts, launching denial of service attacks, and exploiting the service.

All weaknesses were found in an investigation conducted by the Checkmarx Security Research team to study the state of API security in leading...

Starbucks’ API key found in public GitHub repository – reports

Developers at Starbucks left an API key in a public GitHub repository that could have given an attacker access to the coffeehouse chain’s internal systems, including the ability to manipulate the list of authorised users.

As first reported by Bleeping Computer, the API key’s vulnerability level was set to critical because it enabled access to a Starbucks JumpCloud API, but it was spotted...

Why privacy and integrity matter in a mainframe network

Mainframes are the foundation for many critical systems, from bank databases to municipal systems for local governments. It's estimated that 70% of Fortune 500 companies have mainframes in their infrastructure. This hardware holds a lot of sensitive data, which puts it in a vulnerable position. Privacy and data integrity must be maintained for the mainframe systems to ensure that this information isn't accessed without authorisation,...

App developers may be forced to disclose any foreign involvement

The US government is considering forcing app developers to disclose any foreign involvement after a string of concerns about how users' data is being collected.

One notable example is video sharing app TikTok. The app is developed by Beijing-based ByteDance and concerns have been raised about how much user data is being sent back to China.

Similar concerns have also been raised about viral hit FaceApp which many people have used to make their face appear old, young, or a...

Utopia looks to create a self-regulating society with P2P ecosystem and mineable cryptocurrency

The vitality of the Internet is such that any reference to Maslow’s hierarchy of needs, first published in 1943, today usually comes with a half-joking reference to Wi-Fi. Indeed, you would not be reading this piece now without it. Yet one particularly promising area for distributed ledger technologies (DLT) is around user and data privacy for Internet usage.

Meet Utopia. The product, which launches today from an anonymous group of networking enthusiasts who call themselves The...

StrongSalt’s new Open Privacy API offers ‘encryption as a service’

Encryption-as-a-service provider StrongSalt has released its Open Privacy API to improve the security of developers’ applications.

StrongSalt was founded by Ed Yu, the former founding engineer of cybersecurity giant FireEye. Back in September, StrongSalt raised $3 million in seed funding from Valley Capital Partners.

Claiming it wants to “do for encryption what Stripe has done for payments and Twilio has done for communications,” StrongSalt offers APIs and...

Sophos launches a security analysis platform for developers

British cybersecurity firm Sophos has launched a new threat intelligence and analysis platform for developers.

SophosLabs Intelix helps developers to build more secure applications through simple API calls. Developers can use an API call to assess the risk of things like files, IP addresses, URLs, and more.

Sophos claims the platform is continuously updated and features petabytes of real-time and historical intelligence.

The platform collates masses of data to help...

Python libraries imitating ‘dateutil’ and ‘jellyfish’ caught stealing SSH and GPG keys

Two malicious Python libraries have been caught stealing SSH and GPG keys from developers over the past year.

The libraries were part of PyPI (Python Package Index) and imitated two popular non-malicious libraries using typosquatting.

The first library is “python3-dateutil,” which imitates “dateutil,” a library which provides extensions to Python’s standard datetime module.

Next up is the “jeIlyfish” library, with the first...