Items tagged with Encryption

Researchers from Radboud University in the Netherlands have announced a flaw that affects some SSDs that feature hardware-based security; the flaw could allow an attacker to completely bypass disk encryption. Bypassing the encryption would give the hackers full access to the local data without having to know the password for the disk. The researchers are clear that the flaw only affects certain SSD models that have hardware-based encryption. SSDs with hardware-based encryption have specific chips inside that handle the task of encrypting and decrypting data. The vulnerabilities that researchers Carlo Meijer and Bernard van Gastel found are in the firmware of the SSDs. The duo says that the... Read more...
One aspect of smartphones that largely gets overlooked is security. For many consumers, the technical details surrounding stronger encryption just aren't as interesting as advancements in camera technology and other prominent features. For those who do care to know more, however, Google wrote a blog post describing its Titan M chip that is the backbone of security for its recently launched Pixel 3 and Pixel 3 XL handsets. "Last year on Pixel 2, we also included a dedicated tamper-resistant hardware security module to protect your lock screen and strengthen disk encryption. This year, with Pixel 3, we’re advancing our investment in secure hardware with Titan M, an enterprise-grade security... Read more...
Apple has a history of butting heads with government officials over the topic of encryption, and specifically whether the Cupertino outfit should be forced to install a backdoor into its iOS devices primarily for law enforcement to use. It's not just the US Federal Bureau of Investigation (FBI) that Apple disagrees with, though. Apple is taking the Australian government to task over a "dangerously ambiguous" bill that deals with encryption. Australia's draft Access and Assistance Bill grants authority to certain agencies "to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era." The bill seeks to establish... Read more...
A pair of macOS security experts have discovered a bug in the latest version of macOS that exposes the contents of files, including ones that are encrypted and are supposed to be safe from prying eyes. The security flaw exists within Apple's 'Quick Look' feature, which caches thumbnails and names of files, even when the files are stored within a password-protected encrypted container, such as a hard drive or a separate partition. The issue with Quick Look is that it stores that data in a non-encrypted location. Even worse, the cached data apparently remains on the hard drive, even if a user deletes the original file that he or she previewed via Quick Look. "This means that all photos that you have previewed... Read more...
Apple has confirmed plans to bolt shut a security hole in iPhone devices that law enforcement agencies have been using to gain entrance into locked handsets after seizing them from suspected criminals. As can be imagined, those same agencies are none too pleased with Apple's decision. As far as Apple is concerned, however, it's a matter of security and privacy for consumers, both of which are compromised by certain third-party devices. For example, companies like GrayShift and Cellebrite offer USB devices that enable customers to thwart existing security measures in iOS, and in particular a set number of password guesses before being permanently locked out of an iPhone or the data is erased.... Read more...
The FBI has quoted statistics to the public and Congress that claimed investigators had been locked out of encrypted devices like smartphones nearly 7,800 times. It is now being reported that the actual number is much smaller, somewhere between 1,000 and 2,000 incidents. The report claims that over a time frame of seven months, FBI Director Christopher A. Wray cited the inflated figure as evidence that the FBI needed to address what it calls "Going Dark." Going Dark is a term the FBI uses to describe the spread of encrypted software that can block investigators from accessing data on a device even when they have a court order authorizing the action. Reports indicate that the FBI... Read more...
Security researchers are warning anyone who uses PGP (Pretty Good Privacy) or S/MIME for email encryption to disable the scheme in their email clients right away, and to uninstall tools that automatically decrypt PGP-encrypted email, due to a security flaw. They've discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past. "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client now," Sebastian Schinzel, a professor of computer security at FH Münster, stated... Read more...
The Federal Bureau of Investigation butted heads with Apple in 2016 and 2017 when the Cupertino company refused to build a backdoor into its iPhone handsets, which would allow law enforcement agencies to access locked devices at the expense of security for millions of iOS users. Fast forward to today and there's a report that law enforcement now has access to an inexpensive software tool that accomplishes the same thing. According to Motherboard, federal agencies and police forces across the country have been using a cheap tool called GrayKey to thwart the encryption schemes of fully updated iPhone handsets. It even works on Apple's most recent handsets, including the iPhone X running iOS 11, the... Read more...
Skype has announced something that some users have wanted for a long time: end-to-end encryption for conversations. Skype Insiders can preview the new encryption feature right now, and it's called Private Conversations. With these conversations, end-to-end encryption for audio calls, text messages, images, audio files, and videos is now supported. Private Conversations uses the industry-standard Signal Protocol by Open Whisper Systems. When you participate in one of the private sessions, that chat is hidden in notifications to keep what you share private. Microsoft's Ellen Kilbourne wrote, "Give it a try by selecting "New Private Conversation" from the compose menu or from the recipient’s... Read more...
Here we go again. In 2016, authorities tried to legally compel Apple to unlock an iPhone model that belonged to one of the terrorists in the San Bernardino shooting that left more than a dozen people dead. Apple resisted, and the Federal Bureau of Investigation dropped its lawsuit before the legal matter had a chance to fully play out in court. That may still happen, as authorities in Texas have served Apple with a search warrant for various data contained on an iPhone belonging to Devin Patrick Kelley, the person behind the mass shooting in Sutherland Springs. Kelley slaughtered 26 people in a church before being shot dead himself by police. His motivation and other details surrounding the... Read more...
Most people have probably never been to Cloudflare's San Francisco office, but those who have been there would have noticed a large wall of lava lamps in the lobby. It is hard to miss—after all, it is not every day that you come across dozens of lava lamps arranged on a set of shelves, not even in Spencer's where these groovy items are commonly found. What is not immediately obvious, however, is that the wall of lava lamps is not for decoration. Cloudflare is using them for encryption. It sounds wild, but for all that computers are capable of doing, they are not that great at picking random numbers. That is a problem, because proper cryptography relies on the ability to generate random digits that... Read more...
It's no secret that the FBI is not a big fan of encryption on devices like smartphones. As we saw in the San Bernardino incident, then FBI director James Comey attempted to bully Apple into providing a backdoor to iOS and the Touch ID safe enclave in order to break into an iPhone 5s that was used by one of the terrorists. Apple refused to cave in, and the FBI eventually went with an outside firm to crack the device. Comey's successor, Christopher Wray, is once again fanning the flames when it comes to the debate between giving law enforcement agencies the tools necessary to unlock devices that are subject to a criminal investigation, and respecting the desire of everyday Americans... Read more...
In an effort to boost security on Android devices, Google is testing a feature called DNS (Domain Name Server) over TLS (Transport Layer Security) to protect users from hackers who might be spying on a site's traffic, according to the Android Open Source Project (AOSP). This experimental feature is currently fielding comments at the Internet Engineering Task Force (IETF), an Internet standards group. The DNS over TLS protocol encrypts DNS inquiries to the same level as HTTPS, effectively blocking cyber snoops from logging or otherwise seeing the websites that users visit. HTTPS alone does not offer users full privacy, as without DNS over TLS, an attacker can look at DNS requests and guess which websites... Read more...
The new iStorage diskAshur2 is a specialized, external hard drive geared toward security-conscious consumers. The diskAshur2 is a little pricey, and although it's no slouch in the speed department (we'll get into that in a bit), it's certainly not going to compete with that shiny new internal SSD you've got your eye on in terms of transfer speeds either. But here's the thing: It's plenty fast enough for just about anything you'd want to do, and just as importantly, it's both rugged and secure. So, despite a somewhat lofty asking price, the diskAshur2 is actually a pretty good deal. If you need its feature-set, you'll be happy to have made the investment for the added security layer. The diskAshur2... Read more...
In an era where high profile data breaches are becoming far too common, IBM has a solution that could help. The company on Monday unveiled IBM Z, a next generation mainframe that it is billing as the world's most powerful transaction system. Just as importantly, it offers pervasive encryption so that all data is encrypted all of the time, whether it is part of an application, cloud service, or chunks of bits in a database. "The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale," said Ross Mauri, General Manager, IBM Z. "We created a data protection engine for the cloud era to have a significant and... Read more...
Here's something you don't see too often: a ransomware creator unearthing the master decryption key for public consumption. That's exactly what we're seeing from Petya's original developer, allowing those affected by certain versions of Petya to recover their data, and developers the ability to create decrypters to make the entire process that much easier. Unfortunately, there are a number of major caveats here. The biggest one is the fact that most of those affected by these specific versions of Petya dealt with it last year, not recently. It stands to reason that many of those folks did not clone or keep their drive, because it could have felt like a lost cause. If you still have the data,... Read more...
We took part in an interesting demo this week that was both eye-opening and somewhat alarming. We met with representatives from Synaptics to discuss what we thought would be its latest sensor technology or HCI device, but were treated to a real-world hacking display that would leave most people slack-jawed. Why, you ask? Because in only a few minutes, an image of my fingerprint had been stolen and duplicated, and it was used to gain access to my smartphone (and a demo notebook), but it could have just as easily been a personal / corporate laptop or any other device with a fingerprint sensor. It turns out, Synaptics was in the area to promote its SentryPoint technology, which offers end-to-end... Read more...
A terrorist attack in the UK has sparked a debate over whether encrypted services should provide backdoor access to law enforcement. The terrorist, Khalid Masood, killed four people in Westminster. It is believed that Masood used the encrypted communication service WhatsApp just minutes before the attack. That prompted UK's house secretary Amber Rudd to pressure WhatsApp and other services to rethink their approach to encryption. "It is completely unacceptable, there should be no place for terrorists to hide. We need to make sure that organizations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," Ms. Rudd stated... Read more...
An appeals court in Florida has overturned a previous ruling that stated a man suspected of voyeurism should not be compelled to give up the passcode to his iPhone as it would violate the Fifth Amendment and force him to testify against himself. The appeals court disagreed with that ruling and has ordered the iPhone owner to provide his four-digit passcode to law enforcement. Police arrested Aaron Stahl after a woman who was out shopping allegedly saw him bend down and extend an illuminated mobile phone under her skirt. Court records say that when she confronted Stahl about the incident, he claimed to have dropped his phone. He then ran out of the store when the woman called out for help. Police... Read more...
When the topic of encryption comes up, it is often related to smartphones and tablets, and the differing opinions on the matter between hardware makers such as Google and Apple versus government agencies. Those are not the only areas where encryption matters. In an open letter to the camera makers around the world, Freedom of the Press Foundation makes a plea to build encryption into still photo and video cameras to protect the "safety and security" of photojournalists and filmmakers, along with their sources. The open letter is signed by more than 150 documentary filmmakers and photojournalists. It is an issue that resonates throughout the industry and is of concern to both those who work independently... Read more...
Malware writers continue to find ways to make themselves out to be bigger scumbags than they already are. The latest dirty trick by the worst the web has to offer is a new twist on ransomware. Instead of simply encrypting the files on an infected PC and demanding a ransom in order to decrypt them, a variant called Popcorn Time encourages victims to infect others by offering a free key if they can spread the ransomware to two other people. I wouldn't rank this as a new low in malware and its authors—that distinction belongs to the soulless jerks who injected a script into the Epilepsy Foundation's website that redirected visitors to a page with seizure inducing animated GIFs. If there's a line... Read more...
A cloud security outfit is warning that a new ransomware strain called Stampado has emerged from the underground market and is wreaking havoc on systems. What makes Stampado stand out from the crowd is that it is available on the dark web for only $39 with a full lifetime license. That makes it one of the least expensive and most accessible ransomware strains out there. Don't be fooled by Stampado's low price tag; the ransomware strain is capable of doing big time damage. As is often the case with malware, Stampado typically arrives on a system through spam emails or drive-by downloads. It installs itself in the %AppData% folder under the name scvhost.exe, a slight deviation on a genuine Windows... Read more...