Items tagged with Encryption

"Xara" might sound like a cool name for an exploit, but according to researchers at three different US universities, it's one that should cause some alarm. At its root, if Xara is properly exploited, attackers would be able to procure passwords stored in OS X's Keychain, which could be used for most or all of someone's applications. Specific details are not covered, but it seems that if an app is installed on OS X that takes advantage of this exploit, it can take control of the stored passwords, and other information that might be present (eg: the login username itself). Examples given are hijacking... Read more...
Microsoft this week announced that web searches made using the company's Bing search engine will soon be encrypted by default. In actuality, users have been able to encrypt searches made via Bing for around a year and a half now, though sometime before summer comes to an end, it will be a standard option for all users. The move will level the playing field with Google and Yahoo, both of which already offer encrypted searches by default. Of course, the bodies at Microsoft still need to eat and so the company will conintue to pass along referrer strings to marketers and webmasters that identify traffic... Read more...
At this point, the resetting of a mobile phone to a from-the-factory state is something we have all done, perhaps simply to get a fresh start with a device that has become sluggish and over-burdened with years of downloaded flotsam. But more likely, we do it for the purpose of selling the phone or passing it along to a friend or family member. We rely on such a reset to completely wipe the phone of any trace of our having used it, all settings and sensitive data. The results of a study performed in the UK by University of Cambridge researchers entitled Security Analysis of Android... Read more...
Where’s Jackie Treehorn when you need him? There’s a new browser exploit that’s making the rounds across the internet, and it’s capable of some pretty nasty stuff. Closely related to the FREAK exploit that we detailed a few months back, Logjam works its magic by using a main-in-the middle attack on the Diffie-Hellman protocol, downgrading vulnerable transport layer security (TLS) connections to just 512-bits of encryption — skilled hackers could crack 512-bit encryption keys in mere minutes. According to WeakDH, the Logjam exploit affects 0.2 percent of the top one million domains on the web. That... Read more...
Apple and Google are part of a coalition consisting of more than 140 tech firms, cryptologists, and civil society groups who have come together to urge President Barack Obama to shut down any government proposals that would require smartphones and other communications to have so-called backdoors for law enforcement to view customer data. The coalition sent a letter obtained by The Washington Post talking about the importance of "strong encryption." It serves as a counterargument to the recent warnings of senior law enforcement officials who warn that restricting access to data and communications... Read more...
Thanks to the former NSA contractor Edward Snowden, we know that the United States government has in place a sophisticated and all-encompassing spying program, and as time goes on, additional details leak out that underscore how little privacy we truly have. Whether it's intercepting Skype communications or tampering with hard drives, the concept of privacy is fast becoming an illusion. So, would it really be surprising to find out that the Central Intelligence Agency (CIA) has been working for years to exploit Apple's iPhone and iPad devices?It's true, according to The Intercept, which claims... Read more...
U.S. President Barack Obama is getting a little hot under the collar, and we’re not talking about the speech that Israeli Prime Minister Benjamin Netanyahu gave this morning. Instead, President Obama is troubled over new regulations that are being proposed by the Chinese government, which would affect American tech companies that conduct business within China’s borders. President Obama is fearful that China’s plans — which include allowing the Chinese government to install security backdoors, requiring companies to hand over encryption keys, and keeping user data on Chinese soil — are an assault... Read more...
Encryption has been a feature of Android since 2011, though it's never been turned on by default. That was supposed to change with Android 5.0 Lollipop, as Google said in no uncertain terms back in September 2014 that users wouldn't have to give the feature a second thought. Unfortunately, it appears as though Google has backed down from its requirement that all Lollipop devices ship with encryption enabled by default. According to ArsTechnica, some new Lollipop phones from Google's partners are shipping without encryption turned on. One of them is the second-generation Moto E, and it's being reported... Read more...
Samsung has confirmed that some of its slightly older Smart TV models are currently uploading recorded voice communication without any form of encryption to protect the user's privacy. This goes against what Samsung stated in a recent blog post clarifying the limited circumstances in which voice commands are recorded and transmitted to a server. Backtracking a moment, the web freaked out when it was discovered that Samsung's Smart TVs were seemingly eavesdropping on living room conversations. The truth wasn't quite as nefarious, though a supplement to Samsung's privacy policy did reveal that some... Read more...
It's bad enough when you're in possession of a database containing 80 million customer records and it gets hacked. But what's even worse than that is when you fail to encrypt all that data. Such is the unfortunate situation facing Anthem, the second largest healthcare provider in the U.S., and its tens of millions of customers who are potentially affected by a recent security breach. Had Anthem encrypted its records, the stolen data might not be all that valuable to hackers, or at least more difficult to access. But the reason Anthem consciously chose not to encrypt all that data is so that it... Read more...
If you believe that your privacy is important - so important that the government can't even breach it - you're not going to like president Obama's latest comments. During a meeting at the White House with UK prime minister Dave Cameron, it was established that both leaders share the same stance on user privacy: you're fine to have it, as long as the government can peer in. With the latest release of Apple's iOS and Google's Android, both companies have proven that they believe that consumers have the right to their privacy. Both of the latest OSes have introduced encryption that they claim they... Read more...
Google is on a mission to make end-to-end encryption more accessible for less savvy users than existing tools like PGP and GnuPG. The way it intends to do this is through its End-to-End tool, a work in progress that's currently in alpha form, albeit recently updated and in the process of being migrated to GitHub in hopes that more developers will comb over the protocol. Yahoo is working with Google on its End-to-End encryption tool and has already offered up several contributions, many of which are found in the latest release. The latest alpha also includes more documentation, including a fleshed... Read more...
It's sad that we can't go more than a day lately without learning more about how governments love to eavesdrop on us, removing whatever privacy we have left. Just yesterday, we talked about the continued pressure law enforcement is putting on companies like Apple and Google regarding encryption on their respective mobile devices. For the end-user, encryption is a great thing. For governments trying to dig up information on you, it's not - which in turn is yet another great thing for consumers. Because spying has become such a major issue, the EFF has done much to inform the public about the best... Read more...
It's been no secret that most law enforcement, including the biggest US government agencies, would rather encryption didn't exist outside of its own use. Just this past week, we saw the Department of Justice defend its stance on scooping up user data en masse, and in September, we talked twice about the 'major heartburn' that companies like Apple and Google were causing law enforcement with their stance on encryption. In both the latest version of Apple's iOS (8) and Google's Android (5), data encryption is turned on by default. As soon as both companies made that fact known, law enforcement immediately... Read more...
1 2 3 4 Next