Comodo, a company you probably never heard of which holds one of the many master keys to the Internet’s SSL X.509 Public Key Infrastructure (PKI) system, admitted that their root certificate authorities have been compromised by attackers.  Those attackers issued themselves SSL certificates for seven companies including Google, Skype, and Yahoo so they can fully masquerade [...]

Twitter is responding to mounting pressure after some high profile account compromises by allowing customers to opt-in to always-on secure HTTPS SSL mode.  Unfortunately, I doubt most people will go to the trouble of opting in by going to the security settings.  Since HTTPS is virtually cost-free to operate continuously for websites that already support HTTPS, Twitter [...]

It appears that Ashton Kutcher has become a high profile victim of Twitter’s negligence when someone at the TED conference hijacked Kutcher’s Twitter account using tools like Firesheep.  The Twitter PR account @TwitterGlobalPR twitted that Kutcher should have enabled SSL by typing HTTPS in front of twitter.com, but that deflects from the fact that it’s [...]

I’ve been hammering popular online services like Facebook and Twitter for months for utterly weak efforts to protect consumers so I was pleased to hear that Senator Chuck Schumer has joined the fight. Some of the worst online services in my online security report card were served letters by Senator Schumer asking them to turn SSL security on by default.

Facebook’s new full SSL feature finally works three years after it became widely known that Facebook user accounts were easily hijacked. Unfortunately, their update still won’t fully protect Facebook users because Facebook forgot to deploy HTTPS authentication on the user login page.

Hillicon Valley reports that Rep. Jackie Speier (D-CA) will introduce legislation dealing with online privacy next week. The legislation will provide an “opt out” for individuals that do not want to allow advertisers to track them.

Athima Chansanchai has an expanded report on CNET’s Caroline McCarthy’s story on Facebooks move to take over the Internets commenting systems.

Facebook announced that they’ve finally added secure web browsing for Facebook 2 months after the release of the Firesheep tool that made it trivially easy to hack Facebook accounts.  That prompted me to give them an “F” in security which was widely cited in the media.  But there are some major problems with this update [...]

Microsoft attempts to recruit iPhone and PS3 hacker George Hotz as a “developer”.

ICanStalkU.com website was created in 2010 by Jackson, Pesce, and Mayhemic Labs in order to convey to individuals information that they may be inadvertently be sharing online that they normally would not share because of privacy concerns.