The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption.

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. cryptography encryption google

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient.

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Attorney General Barr Argues for Access to Encrypted Content

Data Breach Today

Attorney General William Barr argued on Tuesday that enabling law enforcement to access encrypted content would only minimally increase data security risks. Critics Argue That Backdoors Would Create Security Risks U.S. Barr's comments drew criticism from lawmakers and technologists, who contend backdoors would put the public at greater risk

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

The Last Watchdog

Related: Marriott reports huge data breach Ever thought about encrypting the data held on a portable storage device? I had the chance at RSA 2019 to visit with Shauna Park, channel manager at DataLocker, to discuss what’s new in the encrypted portable drive space.

GDPR Compliance – Encryption

Perficient Data & Analytics

On 25th May 2018, everybody woke up to find their inbox “spammed” with mails from companies about redefining their data privacy policies containing the term GDPR. GDPR which stands for General Data Protection Regulation, has replaced the existing Data Protection Directive rules.

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. Who are you trying to protect your data from?

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

How Encryption Became the Board’s New Best Friend

Thales eSecurity

For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. The 2019 Thales Data Threat Report-Global Edition revealed that as digital transformations are taking place, sensitive data is often at risk. Enter encryption.

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. Once reprogrammed, the SSD will use its stored keys to cipher and decipher stored data.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. backdoors encryption keyescrow nationalsecuritypolicy vulnerabilities

STOP ransomware encrypts files and steals victim’s data

Security Affairs

AZORult is a data stealer that was first spotted in 2016 by Proofpoint that discovered it was it was part of a secondary infection via the Chthonic banking trojan. The post STOP ransomware encrypts files and steals victim’s data appeared first on Security Affairs.

Adiantum will bring encryption on Android devices without cryptographic acceleration

Security Affairs

Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration. Google announced Adiantum , a new encryption method devised to protect Android devices without cryptographic acceleration. SecurityAffairs – Android, encryption).

How Does Encryption Work?

Productivity Bytes

The word “encryption” is synonymous with data protection, and most people are aware of its functionality in their day-to-day lives within a digital context. While these are all uses for encryption, they don’t answer the … + Read More.

6 Android Phone Encryption Pros and Cons You Should Know

Productivity Bytes

Encryption is a hot topic lately, especially as people have growing concerns about data security. If you’re thinking about encrypting your Android, here are some Android phone encryption pros and cons to help you decide what to do.

The GDPR: Requirements for encryption

IT Governance

Six months since the GDPR (General Data Protection Regulation) came into force, pseudonymisation and data encryption remain the only technology measures specifically mentioned in the famously technology-agnostic Regulation. To further protect data, we look to encryption.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data.

Database Encryption Key Management

Thales eSecurity

Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. Solutions for Transparent Database Encryption. Data securityStreamlining operations and improving security.

‘Significant’ FBI Error Reignites Data Encryption Debate

WIRED Threat Level

FBI stats about inaccessible cellphones were inflated, undermining already controversial bureau claims about the threat of encryption. Security

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Encryption trends and predictions over 50 years

Thales eSecurity

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. This was fueled by data breaches and in parallel sparked the dawn of data security regulatory mandates such as PCI, HIPAA/HITECH, GDPR, and many more.

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Threatpost

Cryptography Privacy Vulnerabilities Bitlocker crucial data encryption physical access raboud university Samsung solid state drives vulnerabilityFirmware updates won't address the problem, so admins need to take other action.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. Data reduction of 4.8

Does Encryption Really Protect My Cloud Data?

Thales eSecurity

There has always been a battle between business efficiency and security since the invention of shared compute and data resources. It is obvious that most enterprises large and small have made the decision to move some — if not all — of their applications and data to the cloud.

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. The post GCHQ implements World War II cipher machines in encryption app CyberChef appeared first on Security Affairs.

Enterprise Data Encryption Hits All-time High

Dark Reading

A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place

Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats

The Guardian Data Protection

GCHQ ‘ghost protocol’ would seriously undermine user security and trust, says letter A GCHQ proposal that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights.

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data. Data security

Boards Now Face ‘the Encryption Question’

Thales eSecurity

So, what are we doing about encryption?”. So why has it become such a hot topic, and what will their willingness – and readiness – to address the topic say about the state of enterprise data security? Data securityTina Stewart, VP of Market Strategy. “So,

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction. Data reduction of 4.8

When Encryption Meets Flash Arrays

Thales eSecurity

To combat threats and keep data safe, IT teams must employ robust encryption, key management, and access controls. To secure storage, many organizations have been leveraging native encryption offerings from their storage vendors. Data security

British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

Threatpost

A vulnerability in British Airways' e-ticketing system could enable a bad actor to view passengers' personal data or change their booking information. Hacks Vulnerabilities British Airways British airways data breach Data Privacy Data security e-ticketing flaw Encryption

Data 105

Telegram loses bid to stop Russia from getting encryption keys

Information Management Resources

The maker of an encrypted messaging app that’s prized by those seeking privacy lost a bid before Russia’s Supreme Court to block security services from getting access to users’ data. Encryption Data security Cyber security

U.S. Healthcare Industry Needs a Shot in the Arm When it Comes to Data Protection: 70% experienced a breach; Less than 38% are encrypting even as threats increase

Thales eSecurity

Likening this flu scenario to a data breach, 70 percent of healthcare organizations report that they’re sick and the majority are not taking proven and adequate measures to stay well. They’re counting on the fact that only 38% or less of healthcare organizations encrypt data.

Australia drafts laws forcing Facebook and Google to reveal encrypted data

The Guardian Data Protection

Security agencies would be given access to encrypted messaging apps under bid to ‘modernise’ laws Technology companies such as Facebook and Google would be forced to give Australian security agencies access to encrypted data under legislation to be introduced by the Turnbull government. But the government has refused to say how the security agencies would access the data. Related: Encryption keeps us safe.