Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything.

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “Encrypted Cloud Photo Storage Using Google Photos”: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.”

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.

Breaking Encryption Myths (EU Commission on Encryption)

Adam Shostack

I’ve signed onto a letter to the European Commission on end to end encrypted communications.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it.

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article: Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient.

Enterprise Data Encryption Use Reaches Historic Highs

Security Boulevard

For decades, enterprise data encryption and effective key management were something most enterprises wanted to do but couldn’t — if they tried to do it at all. The post Enterprise Data Encryption Use Reaches Historic Highs appeared first on Security Boulevard.

Storing Encrypted Photos in Google’s Cloud

Security Boulevard

New paper: “Encrypted Cloud Photo Storage Using Google Photos”: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Particularly with respect to encryption marketed to consumers, the significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm. Both are ways of weakening encryption.

Role of Encryption in GDPR Compliance

Security Boulevard

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. The post Role of Encryption in GDPR Compliance appeared first on The State of Security. The post Role of Encryption in GDPR Compliance appeared first on Security Boulevard.

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.

Best Encrypted Messaging Apps You Should Use Today

Heimdal Security

Do you want to know which are the best encrypted messaging apps out there and how they can protect your valuable data? The post Best Encrypted Messaging Apps You Should Use Today appeared first on Heimdal Security Blog.

Belgian Police Crack Encrypted Chat App to Seize $1.65 Billion Worth of Cocaine

Hot for Security

Police specialists in Belgium managed to crack an encrypted messaging service, revealing detailed information about cocaine shipments into Antwerp, Belgium. billion) after cracking the encryption algorithm of Sky ECC, a supplier of modified phones designed for ultra-private communications.

Another Story of Bad 1970s Encryption

Schneier on Security

The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. Philips, together with Siemens, built an encryption machine in the late 1970s.

German SG-41 Encryption Machine Up for Auction

Schneier on Security

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Zettaset Unveils Encryption Management Console

Security Boulevard

Zettaset today added a management console to its portfolio that promises to simplify managing encryption on an end-to-end basis via integrations with third-party key managers that comply with the key management interoperability protocol (KMIP).

Finally! Ring Doorbells get End-to-End Encryption, but There’s a Big Catch

Security Boulevard

Amazon’s Ring unit is moving ahead with plans to allow end-to-end encryption (E2EE). The post Finally! Ring Doorbells get End-to-End Encryption, but There’s a Big Catch appeared first on Security Boulevard.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data. It's a weird article.

Amazon rolls out encryption for Ring doorbells

Zero Day

Privacy advocates have been asking for Amazon to encrypt its popular Ring doorbells audio and video traffic, and Amazon is finally delivering it.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data.

Telegram offers fix to its non encrypted chat vulnerability

CyberSecurity Insiders

Telegram made it official that it has offered a security fix to non-encrypted chats that were previously vulnerable to cyber attacks through manipulated bots. The post Telegram offers fix to its non encrypted chat vulnerability appeared first on Cybersecurity Insiders.

Encryption debate could have enterprise security implications

SC Magazine

Facebook is among the companies that would like to incorporate end-to-end encryption to benefit users. This is not the first rodeo for debates over encryption. Encryption, at rest and in transit, is a component of many viable business security plans.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Particularly with respect to encryption marketed to consumers, the significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society.

IBM announces new FHE encryption standard for better data security

CyberSecurity Insiders

IBM, the technology giant that has paved the way for many of the computing inventions, has announced a new encryption standard that offers confidential computing while processing data. Till date we have seen data being encrypted while in transit or at rest.

LockBit ransomware automates Windows domain encryption via group policies

Bleeping Computer

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.) One of the weird things about the statement is that it was clearly written from a law-enforcement perspective, though we normally think of the Five Eyes as a consortium of intelligence agencies.

5 Most Common Encryption Algorithms And Methods

SecureBlitz

This post will show you the 5 most common encryption algorithms and methods. Whenever most people hear the term “encryption algorithm”, they tend to get a blank look on their face and think it’s a topic best left to IT experts.

LockBit ransomware now encrypts Windows domains using group policies

Bleeping Computer

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

Ring Doorbell Encryption Now Provided by Amazon

Heimdal Security

New Ring doorbell encryption solution has been provided by Amazon for video and audio traffic security. The post Ring Doorbell Encryption Now Provided by Amazon appeared first on Heimdal Security Blog.

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

Schneier on Security

At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.)

El Chapo's Encryption Defeated by Turning His IT Consultant

Schneier on Security

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade.

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. Isn't the whole point of encryption that it protects data when exposed to unintended parties? You've possibly just found out you're in a data breach.

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

eSecurity Planet

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. Further reading: Best Encryption Software & Tools for 2021.

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The secure devices don’t use a phone number to communicate because the encrypted traffic is relayed via An0m’s central platform.

A Road to a Consistent Encryption Strategy

Security Boulevard

Unlike the rest of the world, adoption of enterprise-wide encryption strategies has not grown in the Middle East, in fact. The post A Road to a Consistent Encryption Strategy appeared first on Entrust Blog.