Items tagged with Encryption

Several technology firms have written an open letter to the GCHQ (Government Communications Headquarters), a UK intelligence and security organization, in response to the agency's proposed eavesdropping measure. If implemented, law enforcement would be able to spy on encrypted messages, such as those that are sent with WhatsApp, a secure instant messaging platform. WhatsApp is one of nearly four dozen signature on the open letter. Others include Apple, Google, and Microsoft. At issue is a "ghost" protocol that would effectively allow law enforcement or some other entity to silently observe encrypted chats in plain text, both without the knowledge of the parties participating in the chat, and... Read more...
Firefox Send, a file transfer service that Mozilla first introduced in beta form back in 2017, is now fully available for the public to try out. Mozilla has repositioned Firefox as an alternative browser with a heavy focus and security and privacy, and Firefox Send is an extension of this philosophy. With Firefox Send, you can head over to send.firefox.com and transfer files up to 1TB in size to another person. You can use any browser -- not just Firefox -- to initiate the transfer. This is done completely free of charge, and there are no strings attached. In addition, Firefox Send uses end-to-end encryption to ensure that your data is safe.  Wisely, Mozilla is providing granular... Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”.  Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant... Read more...
Encryption certainly isn't the sexiest of topics for most people; we want our data to be secure from nefarious sorts and then move on. The challenge with encryption is that depending on the algorithm and type of encryption used, it can consume lots of system resources. This isn't such a big deal on high-end smartphones as many of them have special hardware to handle the encryption workload. It is a big deal on lower-end devices that have to do all the encryption work on the main SoC, and for those devices, it can mean poor performance and batteries that drain faster. Google has a new mode of storage encryption called Adiantum that is made specifically for devices that lack the capacity to use... Read more...
Go home, Australian government, you're drunk. That's the general sentiment among technology firms and privacy advocates around the world, in response to a controversial encryption bill Australia's parliament passed this week. The new legislation forces companies to crack their own encryption when and if it's requested by law enforcement and intelligence agencies. That in and of itself is controversial—Apple, for example, refused the US Federal Bureau of Investigation's demands to build a backdoor into iOS so that it could crack an iPhone that was confiscated from a crime scene. The issue was headed to court, until the FBI found another way to unlock the iPhone, and subsequently dropped... Read more...
Researchers from Radboud University in the Netherlands have announced a flaw that affects some SSDs that feature hardware-based security; the flaw could allow an attacker to completely bypass disk encryption. Bypassing the encryption would give the hackers full access to the local data without having to know the password for the disk. The researchers are clear that the flaw only affects certain SSD models that have hardware-based encryption. SSDs with hardware-based encryption have specific chips inside that handle the task of encrypting and decrypting data. The vulnerabilities that researchers Carlo Meijer and Bernard van Gastel found are in the firmware of the SSDs. The duo says that the... Read more...
One aspect of smartphones that largely gets overlooked is security. For many consumers, the technical details surrounding stronger encryption just isn't as interesting as advancements in camera technology and other prominent features. For those who do care to know more, however, Google wrote a blog post describing its Titan M chip that is the backbone of security for its recently launched Pixel 3 and Pixel 3 XL handsets. "Last year on Pixel 2, we also included a dedicated tamper-resistant hardware security module to protect your lock screen and strengthen disk encryption. This year, with Pixel 3, we’re advancing our investment in secure hardware with Titan M, an enterprise-grade security... Read more...
Apple has a history of butting heads with government officials over the topic of encryption, and specifically whether the Cupertino outfit should be forced to install a backdoor into its iOS devices primarily for law enforcement to use. It's not just the US Federal Bureau of Investigation (FBI) that Apple disagrees with, though. Apple is taking the Australian government to task over a "dangerously ambiguous" bill that deals with encryption. Australia's draft Access and Assistance Bill grants authority to certain agencies "to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era." The bill seeks to establish... Read more...
A pair of macOS security experts have discovered a bug in the latest version of macOS that exposes the contents of files, including ones that are encrypted and are supposed to be safe from prying eyes. The security flaw exists within Apple's 'Quick Look' feature, which caches thumbnails and names of files, even when the files are stored within a password protected encrypted container, such as a hard drive or a separate partition. The issue with Quick Look is that it stores that data in a non-encrypted location. Even worse, they apparently remain on the hard drive, even if a user deletes the original file that he or she previewed via QuickLook. "This means that all photos that you have previewed... Read more...
Apple has confirmed plans to bolt shut a security hole in iPhone devices that law enforcement agencies have been using to gain entrance into locked handsets after seizing them from suspected criminals. As can be imagined, those same agencies are none too pleased with Apple's decision. As far as Apple is concerned, however, it's a matter of security and privacy for consumers, both of which are compromised by certain third-party devices. For example, companies like GrayShift and Cellebrite offer USB devices that enable customers to thwart existing security measures in iOS, and in particular a set number of password guesses before being permanently locked out of an iPhone or the data is erased.... Read more...
The FBI has quoted statistics to the public and Congress that claimed investigators had been locked out of encrypted devices like smartphones nearly 7,800 times. It is now being reported that the actual number is much smaller in the area of between 1,000 and 2,000 incidents. The report claims that over a time frame of seven months, FBI Director Christopher A. Wray cited the inflated figure as evidence that the FBI needed to address what it calls "Going Dark." Going Dark is a term the FBI uses to describe the spread of encrypted software that can block investigators from accessing data on a device even when they have a court order authorizing the action. Reports indicate that the FBI... Read more...
Security researchers are warning anyone who uses PGP (Pretty Good Privacy) or S/MIME for email encryption to disable the scheme in their email clients right away, and to uninstall tools that automatically decrypt PGP-encrypted email, due to a security flaw. They've discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past. "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client now," Sebastian Schinzel, a professor of computer security at FH Münster, stated... Read more...
The Federal Bureau of Investigation butted heads with Apple in 2016 and 2017 when the Cupertino company refused to build a backdoor into its iPhone handsets, which would allow law enforcement agencies to access locked devices at the expense of security for millions of iOS users. Fast forward to today and there's a report that law enforcement now has access to an inexpensive software tool that accomplishes the same thing. According to Motherboard, federal agencies and police forces across the country have been using a cheap tool called GrayKey thwart the encryption schemes of fully updated iPhone handsets. It even works on Apple's most recent handsets, including the iPhone X running iOS 11, the... Read more...
Skype has announced something that some users have wanted for a long time: end-to-end encryption for conversations. Skype Insiders can preview the new encryption feature right now, and it's called Private Conversations. With these conversations, end-to-end encryption for audio calls, text messages, images, audio files, and videos are now supported.  Private Conversations uses industry standard Signal Protocol by Open Whisper Systems. When you participate in one of the private sessions, that chat is hidden in notifications to keep what you share private. Microsoft's Ellen Kilbourne wrote, "Give it a try by selecting "New Private Conversation" from the compose menu or from the recipient’s... Read more...
1 2 3 4 5 Next ... Last