Let’s Encrypt and Comodo in trademark tussle

The non-profit Let’s Encrypt project, set up to help more websites switch on HTTPS for free, has found itself in a kerfuffle with Comodo, one of the largest commercial vendors of website certificates.

Let’s Encrypt writes:

Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three trademarks for the term “Let’s Encrypt,” for a variety of CA-related services. These trademark applications were filed long after the Internet Security Research Group (ISRG) started using the name Let’s Encrypt publicly in November of 2014, and despite the fact Comodo’s “intent to use” trademark filings acknowledge that it has never used “Let’s Encrypt” as a brand.

Since March of 2016 we have repeatedly asked Comodo to abandon their “Let’s Encrypt” applications, directly and through our attorneys, but they have refused to do so. We are clearly the first and senior user of “Let’s Encrypt” in relation to Internet security, including SSL/TLS certificates – both in terms of length of use and in terms of the widespread public association of that brand with our organization.

Comodo, which claims to be the world’s most widely used SSL Certificate Authority, wants to trademark “Let’s Encrypt”, “Let’s Encrypt with Comodo” and “Comodo Let’s Encrypt.”

Things are getting ugly… and I can’t see how this is going to help create a more secure internet.

Monsanto sues ex-employee accused of stealing data

Controversial agriculture and biotech giant Monsanto has filed a lawsuit against former employee Jiunn-Ren Chen, accusing him of stealing 52 files from its computer systems.

Chen, who worked as a programmer for Monsanto, is said to have accessed sensitive information nine days after he told the firm that he was resigning, reports Jacob Bunge at the WSJ:

Mr. Chen told Monsanto on June 1 that he was resigning and planned to return to Taiwan to care for his sick father and take over the family business there, according to the lawsuit. That same day, he turned over his company-issued computers, which Monsanto officials analyzed as per company policy. The analysis showed Mr. Chen’s computers contained “highly sophisticated and unauthorized software” that could be used to monitor activity and siphon away data, according to the suit.

While monitoring activity around Mr. Chen’s access credentials, Monsanto discovered that on June 10, his credentials were used to remove files from Monsanto’s systems, the company said. His last official day of work was expected to be June 14, the lawsuit says.

When Monsanto asked Mr. Chen about the removed files, he attributed it to a “hacker” but also said he was considering a job offer at a seed company based in Wuhan, China, court papers said. According to the lawsuit, he said he had previously been in contact with Mo Hailong, a Chinese citizen who earlier this year pleaded guilty to participating in a long-running plot to steal genetically pure corn seeds developed by Monsanto and DuPont Co.

The WSJ reports that Monsanto is also keen to access and rifle through Chen’s “cloud data storage accounts”, to see if any other company data might be stored there.

Moral of the story? Have a clear policy of revoking access rights to sensitive information when workers are in the process of leaving your business.

Monsanto, the world’s largest producer of genetically modified seeds, has stirred worldwide protests for its successful lobbying against the mandatory labelling of food containing genetically modified organisms (GMOs), and is no stranger to security breaches and hacking attacks.

Apple will require HTTPS connections for iOS apps by the end of 2016

Kate Conger at TechCrunch reports:

“Today, I’m proud to say that at the end of 2016, App Transport Security is becoming a requirement for App Store apps,” Apple’s head of security engineering and architecture, Ivan Krstic, said during a WWDC presentation. “This is going to provide a great deal of real security for our users and the communications that your apps have over the network.”

App Transport Security, or ATS, is a feature that Apple debuted in iOS 9. When ATS is enabled, it forces an app to connect to web services over an HTTPS connection rather than HTTP, which keeps user data secure while in transit by encrypting it.

This cannot come soon enough in my opinion.

People ask me all the time which operating system is more secure: iOS or Android?

The truth is that the choice of mobile operating system shouldn’t be your primary concern.

You should be more worried about the apps that you’re running on your smartphone, and how good a job they are doing at keeping your data secure and private – both when in communication with the internet, and when stored on a third-party developer’s servers.

Forcing iOS apps to use HTTPS is a definite step in the right direction, and will help make it harder for criminals to steal information as you use your iPhone or iPad.

Roll on 2017…

Computer crash wipes out years of Air Force investigation records

Defense One:

The U.S. Air Force has lost records concerning 100,000 investigations into everything from workplace disputes to fraud.

A database that hosts files from the Air Force’s inspector general and legislative liaison divisions became corrupted last month, destroying data created between 2004 and now, service officials said. Neither the Air Force nor Lockheed Martin, the defense firm that runs the database, could say why it became corrupted or whether they’ll be able to recover the information.

Apparently they did have backups, but ermm… the backups are corrupted too.

Remember folks, there’s no point making backups of your data if you don’t sometimes test that the backups actually work. That’s perhaps timely advice given the prevalence of ransomware right now.

(There’s no indication that the US Air Force’s database corruption is due to malicious meddling, by the way.)
