Threat Post

JSON Libraries Patched Against Invalid Curve Crypto Attack

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. A number of JSON libraries using ...
InfoWorld

Critical flaw alert! Stop using JSON encryption

Developers shouldn't use JSON Web Tokens or JSON Web Encryption in their applications at all, lest their private keys get stolen A vulnerability in a JSON-based web encryption protocol could allow ...
Wired

A Scheme to Encrypt the Entire Web Is Actually Working | WIRED

Apple's move to encrypt your iPhone and WhatsApp's rollout of end-to-end encrypted messaging have generated plenty of privacy applause and law enforcement controversy. But more quietly, a small ...
Wired

Cloudflare Launches a Three-Pronged Attack to Encrypt the Entire Web

The push for web encryption, or HTTPS, is a crucial, attainable step in improving the Internet's privacy and security. And ideally, we'd encrypt the entire web, as some organizations are trying to do.