Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything.

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.



Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “Encrypted Cloud Photo Storage Using Google Photos”: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.”

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article: Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

Zoom Will Be End-to-End Encrypted for All Users

Schneier on Security

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid.

WhatsApp starts offering password enabled encryption to user backups

CyberSecurity Insiders

From now on, all WhatsApp backups will be protected by a password enabled encryption method offering an extra layer of security protection to users from spying eyes. The post WhatsApp starts offering password enabled encryption to user backups appeared first on Cybersecurity Insiders.

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.

Enterprise Data Encryption Use Reaches Historic Highs

Security Boulevard

For decades, enterprise data encryption and effective key management were something most enterprises wanted to do but couldn’t — if they tried to do it at all. The post Enterprise Data Encryption Use Reaches Historic Highs appeared first on Security Boulevard.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it.

Companies Fail to Encrypt, Protect Data in the Cloud

Security Boulevard

Most—a whopping 83%—have failed to encrypt even half the sensitive data they have tucked away. The post Companies Fail to Encrypt, Protect Data in the Cloud appeared first on Security Boulevard.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Particularly with respect to encryption marketed to consumers, the significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society.

Top 10 Full Disk Encryption Software Products of 2021

eSecurity Planet

In cases, full disk encryption is a necessary feature. Encrypted data provides an obstacle and a layer of risk mitigation against loss since the data is not easily readable without the right encryption key. Encrypted data involves both data in transit and data at rest.

Breaking Encryption Myths (EU Commission on Encryption)

Adam Shostack

I’ve signed onto a letter to the European Commission on end to end encrypted communications.

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm. Both are ways of weakening encryption.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data. It's a weird article.

Kei Karasawa Discusses Attribute-Based Encryption

Security Boulevard

TechSpective Podcast Episode 080 Encryption is a key element of effective security–but it can also be complex and cumbersome. The post Kei Karasawa Discusses Attribute-Based Encryption appeared first on TechSpective.

Another Story of Bad 1970s Encryption

Schneier on Security

The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. Philips, together with Siemens, built an encryption machine in the late 1970s.

Spike in encrypted malware poses dual challenge for CISOs

CSO Magazine

Without proper inspection, encrypted data can be a significant security threat as the volume of malware in encrypted traffic grows. That’s the takeaway from two sets of new research into the threat malware hidden in encrypted traffic poses to organizations.


German SG-41 Encryption Machine Up for Auction

Schneier on Security

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

WhatsApp Flaw Casts Doubt on End-to-End Encryption

Security Boulevard

A recently fixed WhatsApp security vulnerability that, if exploited, could cause data leakage underscores the fact that hackers can bypass end-to-end encryption with some machinations. The post WhatsApp Flaw Casts Doubt on End-to-End Encryption appeared first on Security Boulevard.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.

Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!)

Naked Security

Let's Encrypt is set to become a mainstream, self-certifying web certificate authority - here's why it took so many years.

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. Currently, WhatsApp allows users to back up their chats on cloud storage services, but these backups are not end-to-end encrypted.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Particularly with respect to encryption marketed to consumers, the significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society.

Role of Encryption in GDPR Compliance

Security Boulevard

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. The post Role of Encryption in GDPR Compliance appeared first on The State of Security. The post Role of Encryption in GDPR Compliance appeared first on Security Boulevard.

How encryption can help address Cloud misconfiguration

Thales Cloud Protection & Licensing

How encryption can help address Cloud misconfiguration. So, whichever way you go, there is, across time, a very high likelihood that a CSP's encryption, tokenization, or key management scheme will be misconfigured either by the CSP itself or by the CSP user.

How Cybercriminals Hack “Encrypted” Passwords

Security Boulevard

To protect a database of passwords in the event of a breach, businesses often employ one-way encryption using hashing to make passwords harder to use. The post How Cybercriminals Hack “Encrypted” Passwords appeared first on Enzoic.

Vaultree Raises $3.3M for Encryption Solution

Dark Reading

The company's platform uses Enhanced Searchable Symmetric Encryption (ESSE) and Fully Homomorphic Encryption (FHE) technologies

Top Enterprise Encryption Products

eSecurity Planet

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The secure devices don’t use phone numbers to communicate because the encrypted traffic is relayed via An0m’s central platform.

Belgian Police Crack Encrypted Chat App to Seize $1.65 Billion Worth of Cocaine

Hot for Security

Police specialists in Belgium managed to crack an encrypted messaging service, revealing detailed information about cocaine shipments into Antwerp, Belgium. billion) after cracking the encryption algorithm of Sky ECC, a supplier of modified phones designed for ultra-private communications.

More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.) One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a consortium of intelligence agencies.

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

Schneier on Security

At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.)

A Road to a Consistent Encryption Strategy

Security Boulevard

Unlike the rest of the world, adoption of enterprise-wide encryption strategies has not grown in the Middle East, in fact. The post A Road to a Consistent Encryption Strategy appeared first on Entrust Blog.

Virginia Beach Police Want Encrypted Radios

Schneier on Security

This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. They said officer safety would increase and citizens would be better protected. Someone should ask them if they want those radios to have a backdoor.

Zettaset Unveils Encryption Management Console

Security Boulevard

Zettaset today added a management console to its portfolio that promises to simplify managing encryption on an end-to-end basis via integrations with third-party key managers that comply with the key management interoperability protocol (KMIP).