It’s 2017 and changing other people’s flight bookings is incredibly easy

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book … Continue reading It’s 2017 and changing other people’s flight bookings is incredibly easy

Posted in Uncategorized

Apple gives iOS app developers more time to encrypt communications

Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.

The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.

ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It’s an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.

To read this article in full or to leave a comment, please click here

Continue reading Apple gives iOS app developers more time to encrypt communications

Posted in Uncategorized

Apple gives iOS app developers more time to encrypt communications

Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.

The company had previously announced at its Worldwide Developers’ Conference in June that all apps submitted to the App Store will need support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline.

ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It’s an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.

To read this article in full or to leave a comment, please click here

Continue reading Apple gives iOS app developers more time to encrypt communications

Posted in Uncategorized

Encrypted messaging app Signal uses Google to bypass censorship

Developers of the popular Signal secure messaging app have started to use Google’s domain as a front to hide traffic to their service and to sidestep blocking attempts.

Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.

Open Whisper Systems, the company that develops Signal — a free, open-source app — faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple’s FaceTime and other voice-over-IP apps were also being blocked.

To read this article in full or to leave a comment, please click here

Continue reading Encrypted messaging app Signal uses Google to bypass censorship

Posted in Uncategorized