Skip to main content
Go to ssd.eff.org
 
A Project of the Electronic Frontier Foundation
Security Education Companion
A free resource for digital security educators

Security News

Security News is an archive of curated EFF Deeplinks posts for trainers, technologists, and educators who teach digital security.

Issues that we track here include: country-specific policy updates on security and privacy, updates on malware and vulnerabilities, discussions on encryption and privacy-protecting tools, updates on surveillance (corporate surveillance, street-level surveillance, and mass surveillance), device searches by law and border enforcement, tracking via devices, and general digital security tips.

All tags vulnerabilities international security policy frontline communities corporations and user data adversary capabilities metadata digital security trainers ... phone security guide tracking borders PGP social media security HTTPS cell-site simulators software updates tutorial cloud security phishing browser privacy wi-fi security biometrics automated license plate readers 2FA internet of things tor source code wiping data printer security cryptography passwords

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw

by Erica Portnoy, Danny O'Brien, and Nate Cardozo | May 14, 2018

UPDATE: Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides.

Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.

A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper...

Read More

Attention PGP Users: New Vulnerabilities Require You To Take Action Now

by Danny O'Brien and Gennie Gebhart | May 14, 2018

UPDATE: Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides.

UPDATE (5/14/18): More information has been released. See EFF's more detailed explanation and analysis here.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and...

Read More

KRACK Vulnerability: What You Need To Know

by Joseph Bonneau | October 19, 2017

This week security researchers announced a newly discovered vulnerability dubbed KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it’s important to keep the impact of KRACK in perspective: KRACK does not...

Read More

Hey CIA, You Held On To Security Flaw Information—But Now It's Out. That's Not How It Should Work

by Cindy Cohn | March 07, 2017

Wikileaks today released documents that appear to describe software tools used by the CIA to break into the devices that we all use at home and work. While we are still reviewing the material, we have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken. We believe that encryption still offers significant protection against surveillance.

The worst thing that...

Read More

Cryptographers Demonstrate Collision in Popular SHA-1 Algorithm

by Bill Budington | February 24, 2017

On February 23rd, a joint team from the CWI Amsterdam and Google announced that they had generated the first ever collision in the SHA-1 cryptographic hashing algorithm. SHA-1 has long been considered theoretically insecure by cryptanalysts due to weaknesses in the algorithm design, but this marks the first time researchers were actually able to demonstrate a real-world example of the insecurity. In addition to being a powerful Proof of Concept (POC), the computing power that went into...

Read More
Close tooltip