It has been a pretty good month for security, with concerned internet users signing a petition on https://savecrypto.org/. The petition is getting close to its initial goal of one hundred thousand signatures. On October 10th, Obama already kind of responded by saying he would not require new laws that guarantee government access to encrypted information, but unfortunately there is still room for secret back door deals. You can read more about it here.
Some of the best news of all comes from Let's Encrypt. They announced receiving cross-signatures from IdenTrust, so all major browsers will trust the certificates the organization issues. The goal is to have a free, automated, and open method for encrypting content on the web. This means that every website, including blogs, will be able to serve encrypted content to users at no extra cost.
More details can be found on their webpage: https://letsencrypt.org/2015/10/19/lets-encrypt-is-trusted.html
It seems there is still a lot of progress to be made, though, and some people would argue we are seeing the start of the next cryptowars.
Researchers released some news that much of the security community may have already guessed. 512-bit RSA encryption is apparently super easy to beat with the help of Amazon Cloud, and there is a fatal flaw with how we generate 1024-bit keys. Researchers found that a serious flaw in the way the key exchange is implemented is allowing the NSA to break and eavesdrop on trillions of encrypted connections (Goodin, D. 2015). ArsTechnica, a site I visit often, covered both of those stories very well below: