“Since the key is available to TrustZone, Qualcomm, and OEMs [Original Equipment Manufacturers] could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device,” Beniamini wrote. “This would allow law enforcement to easily brute force the FDE password off the device using the leaked keys.”
Google has added some new sections to its Transparency Reporting site. The most interesting is the new ‘HTTPS on top sites’ page, which shows details for a list of sites that make up around 25% of all website traffic worldwide.
Some heavy hitters in the list which aren’t even trying to serve website content over HTTPS:
Some of the ‘good’ sites which have best-practice configuration:
Source: Transparency Report – Google