Risk Radar Free Cyber Security Newsletter – Jan. 12, 2016

The Father of Online Anonymity Has a Plan to End the Crypto War
David Chaum is going to try to fix the government need for backdoors while keeping the encryption secure. The encryption scheme is called PrivaTegrity. The most interesting part is the community controlled secure backdoor. It will be very interesting to see if this lives up to David’s claims.
Older IE Versions Losing Security Support on Tuesday
IE versions 8, 9, and 10 are losing security support Tuesday Jan 12th. Many users will not care since they are on the latest Microsoft browser or an alternate browser. The rub will be for many corporations that are running homegrown web applications on these old versions of IE. It will be interesting to see how companies deal with this.
Let’s Encrypt Now Being Abused By Malvertisers
Certificates to enable encryption of HTTP traffic are not free. They can also be hard for site owners to setup themselves. Let’s Encrypt is a project that was setup to eliminate these two problems for the averages site owner. It was just a matter of time before a bad guy would take the Let’s Encrypt certificate and use it for their foul purposes. Hopefully Let’s Encrypt figures out a fix.
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
Collision attacks on SHA-1 and MD5 are becoming easier with the SLOTH attack made by two researchers from INRIA (French Institute for Research in Computer Science and Automation). They have determined mainstream protocols do require collision protection to avoid man in the middle attacks. The two researchers are recommending the SHA-1 and MD5 need to be forcibly disabled in existing protocols.
Time Warner Cable Urges 320,000 Customers to Change Passwords
Time Warner Cable is contacting customers individually who had account information stolen. They are also urging customers to change passwords. Just another breach to add to the many that came last year. The battle continues to secure big data.
Virtual Bitlocker Containers
Internet Storm Center has an interesting write up using Bitlocker on Windows machines to make encrypted file containers. There are some other options like GostCrypt to take over from Truecrypt. But if your OS has it built in why not just use the built in encryption feature.