Threat Post

JSON Libraries Patched Against Invalid Curve Crypto Attack

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. A number of JSON libraries using ...
InfoWorld

Critical flaw alert! Stop using JSON encryption

Developers shouldn't use JSON Web Tokens or JSON Web Encryption in their applications at all, lest their private keys get stolen A vulnerability in a JSON-based web encryption protocol could allow ...
Wired

A Controversial Plan to Encrypt More of the Internet

The security community generally agrees on the importance of encrypting private data: Add a passcode to your smartphone. Use a secure messaging app like Signal. Adopt HTTPS web encryption. But a new ...
Government Technology

As Google's Deadline for Web Encryption Looms, Many State and Local Websites Don't Meet the Standard

Google, the most widely used Web browser in the world, thinks a majority of state and local government websites aren’t doing enough to protect the people visiting them. And starting in July, that ...