Https

11 results arranged by date

Police officers detain an opposition supporter as journalists take pictures during a protest against presidential election results in Almaty, Kazakhstan, June 10, 2019. The blocking of news websites during the leadership transition suggests that recent moves to control the internet are about censorship, not security. (Reuters/Pavel Mikheyev)

Kazakhstan’s move to control internet prompts censorship, surveillance concerns

A state-controlled internet service provider in Kazakhstan is requiring at least some of its subscribers to submit to having their internet traffic intercepted when they use specific websites–including social media sites, email and messaging services, and Google News, according to research published this week by Censored Planet, a project at the University of Michigan.

Read More ›

CPJ
Jacob Weisberg, chairman of The Slate Group and a member of CPJ's board, left, speaks with BuzzFeed's Miriam Elder, center, and Global Voices' Sahar Habib Ghazi, right, about securing the newsroom. (CPJ/Geoffrey King)

Securing the newsroom: CPJ, journalists, and technologists commit

It’s second nature now for reporters rushing to a dangerous assignment to grab a helmet and vest. Physical security whether covering conflict or quakes is readily understood, if not always adequately implemented.

Read More ›

A meeting of the UN Human Rights Council in Geneva. Special Rapporteur on freedom of opinion and expression David Kaye is due to present his report on encryption there on June 17. (Reuters/Denis Balibouse)

UN report promotes encryption as fundamental and protected right

On Wednesday, Special Rapporteur on freedom of opinion and expression David Kaye will present his report on international legal protection for encryption and anonymity to the United Nations Human Rights Council. The report is an important contribution to the security conversation at a time when some Western leaders are calling for ill-informed and impossible loopholes…

Read More ›

The headquarters of Baidu in Beijing. New censorship tool the Great Cannon is said to have redirected traffic from the popular Chinese site in a massive distributed denial of service attack. (AFP/Liu Jin)

China’s Great Cannon: New weapon to suppress free speech online

China, rated as the eighth most censored country in the world, in a report released by CPJ today, has long had a strong line of defense against free speech online. Its Golden Shield Project, launched by the Ministry of Public Security in 1998, relies on a combination of technology and personnel to control what can…

Read More ›

An Internet café in Beijing. Attacks that appear to have been mediated by China's censors against GitHub, a software site vital to Chinese developers, demonstrate the importance of HTTPS in protecting against censorship. (Reuters/Jason Lee)

When it comes to Great Firewall attacks, HTTPS is greatest defense

The power of HTTPS to protect has been brought into sharp focus by a series of attacks against software collaboration site GitHub. These attacks consistently failed because of the site’s universal use of HTTPS. Most recently, GitHub reported a blistering series of distributed denial of service attacks in March, which it believes were an attempt…

Read More ›

Google's landing page for China is viewed on a laptop in Hong Kong. False credentials were issued for Google and other domains by Chinese digital certificate company CNNIC. (AFP/Frederic J. Brown)

China’s CNNIC issues false certificates in serious breach of crypto trust

In a major breach of public trust and confidence, the Chinese digital certificate authority China Internet Network Information Center (CNNIC) certified false credentials for numerous domains, including several owned by Google. The deliberate breach had the potential to seriously endanger vulnerable users, such as journalists communicating with sources. The breach was discovered by Google and…

Read More ›

‘Spear phishing’ attacks underscore necessity of digital vigilance

The revelation that the FBI sent a fake Associated Press story containing malware to a teenager suspected of making bomb threats has brought “spear phishing” back into the public consciousness. The technique, which combines malicious software with social cues tailored to the target, has been used by state and non-state actors to attack journalists and…

Read More ›

Farsi guides to the surveillance attack in Iran

As we’ve reported before, there’s strong evidence that forces with widespread access to Iran’s internet infrastructure have been engaged in large-scale surveillance of https traffic in July and August, certainly of Google traffic, and perhaps many more websites, including Facebook and Yahoo! If you used the Internet in Iran during this period you should, at…

Read More ›

Catching the Internet’s spies in Iran and elsewhere

In August, Google introduced a new, if rather obscure, security feature to its Chrome web browser, designed to be triggered only under extreme circumstances. If you were talking to Google’s servers using the web’s secure “https” protocol, your browser makes a number of checks to ensure that you are really talking to Google’s servers. Like…

Read More ›

A Google developers conference in May. (Reuters/Beck Diefenbach)

Google+ for journalists at risk

When they’re creating new features, software designers talk in terms of “use cases.” A use case describes steps that future customers might perform with a website. “Starting a group with friends,” would be a use case for Facebook. “Buying a book” would be case for Amazon’s designers. 

Read More ›