Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

El Chapo's Encryption Defeated by Turning His IT Consultant

Schneier on Security

his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade. courts drugtrade encryption fbi insiders keys

Encryption trends and predictions over 50 years

Thales Data Security

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. We’ve also seen promising approaches, such as homomorphic encryption, come out of academia that have yet to find common practice in real-world applications.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

Intel Patches Firmware Flaw That Leaks ME Encryption Keys

Data Breach Today

It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. Researcher Finds Intel's Previous Management Engine Patches Weren't Foolproof Intel has had a challenging time of late on the vulnerability front.

GDPR Compliance – Encryption

Perficient Data & Analytics

Nowhere GDPR Articles mention that encryption is necessary but implementing such measures can reduce the occurrence of a data breach. GDPR Compliant Encryption Methods. The two most commonly stated GDPR-compliant encryption methods mentioned in the GDPR Articles are as follows, 1.

More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. backdoors cryptowars cryptography encryption intelligence lawenforcement privacy

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. backdoors encryption keyescrow nationalsecuritypolicy vulnerabilities

FBI: Encryption Blocked Access to 7,800 Devices

Data Breach Today

Director Calls For 'Responsible' Solution That's Not a Backdoor FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement.

Virginia Beach Police Want Encrypted Radios

Schneier on Security

This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. backdoors encryption lawenforcement police

The GDPR: Requirements for encryption

IT Governance

Six months since the GDPR (General Data Protection Regulation) came into force, pseudonymisation and data encryption remain the only technology measures specifically mentioned in the famously technology-agnostic Regulation. But what exactly is meant by ‘pseudonymisation’ and ‘encryption’?

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Is Payments Industry Ready for New Encryption Protocols?

Data Breach Today

PCI-DSS Requirement Looms on June 30 New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions.

Two New Papers on the Encryption Debate

Schneier on Security

Seems like everyone is writing about encryption and backdoors this season. Policy Approaches to the Encryption Debate ," R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. Encryption Policy in Democratic Regimes ," East West Institute.

Database Encryption Key Management

Thales Data Security

Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. Solutions for Transparent Database Encryption. Streamlining operations and improving security.

Apple to Store Encryption Keys in China

Schneier on Security

Apple is bowing to pressure from the Chinese government and storing encryption keys in China. apple china cloudcomputing encryption iphone keyescrow privacy

Cracking Down on Criminals' Use of Encrypted Communications

Data Breach Today

An analysis of a crackdown on criminals' use of encrypted communications leads the latest edition of the ISMG Security Report. Also: a preview of ISMG's Healthcare Security and Legal & Compliance summits, including expert insights on vendor risk management

Encryption in India

InfoGovNuggets

“India Wants Access to Encrypted WhatsApp Messages,” The Wall Street Journal , January 16, 2019. Government wants access to the encrypted messages of its citizens. Encryption of information is troubling to governments generally. Can the NSA break the WhatsApp encryption? Compare and contrast with Apple’s efforts to block searches of iPhones in the US. Who’s in charge, and who makes the rules? If WhatsApp doesn’t comply, what happens?

Australia's Encryption-Busting Law Could Impact the World

WIRED Threat Level

Australia has passed a law that would require companies to weaken their encryption, a move that could reverberate globally. Security

Amazon, Google Block Trick That Let Encrypted Chats Flow

Data Breach Today

Collateral damage is already being felt by the likes of Signal, a popular, encrypted-messaging app blocked by some governments

FBI Director's Encryption Comments Prove Controversial

Data Breach Today

An analysis of FBI Director Christopher Wray's comments about how encryption poses complications for law enforcement officials leads the latest edition of the ISMG Security Report. Also featured: The former CISO of the state of Michigan sizes up cybersecurity forecasts

Why Enterprises Should Control Their Encryption Keys

Thales Data Security

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data.

When Encryption Meets Flash Arrays

Thales Data Security

To combat threats and keep data safe, IT teams must employ robust encryption, key management, and access controls. To secure storage, many organizations have been leveraging native encryption offerings from their storage vendors.

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Threatpost

Cryptography Privacy Vulnerabilities Bitlocker crucial data encryption physical access raboud university Samsung solid state drives vulnerabilityFirmware updates won't address the problem, so admins need to take other action.

‘Significant’ FBI Error Reignites Data Encryption Debate

WIRED Threat Level

FBI stats about inaccessible cellphones were inflated, undermining already controversial bureau claims about the threat of encryption. Security

An Encryption Upgrade Could Upend Online Payments

WIRED Threat Level

encryption will benefit the payments ecosystem, it'll be rough going for those with older devices. While ditching TLS 1.0 Security

The Fact and Fiction of Homomorphic Encryption

Dark Reading

The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

To Go Native, Or Not to Go Native. A Cautionary Tale About Database Encryption

Thales Data Security

As a result, database encryption has never been more crucial in order to protect the massive amounts of information that is held in the diverse mix of databases that large enterprises rely on today, including relational, SQL, NoSQL and big data environments. Database Encryption

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? The disturbing thing is that in North America and Europe more and more arguments are being raised in support of creating and maintaining encryption backdoors for government use. Here are excerpts edited for clarity and space: LW: What’s wrong with granting governments the ability to break encryption?

Does Encryption Really Protect My Cloud Data?

Thales Data Security

To address this, many regulations and enterprise policies turn to encryption as a safe and efficient way to protect data. Encryption adds security at the root of the risk, which is not at the client, server, or device layer but rather at the data itself.

Cloudflare's New Encryption Service Adds Privacy Protection

WIRED Threat Level

Internet infrastructure company Cloudflare appears to be preparing to launch a service to encrypt traffic to the computers that look up web addresses. Business Security

iTunes Doesn't Encrypt Downloads—on Purpose

WIRED Threat Level

While HTTPS has made the web at large a much safe place, Apple has chosen to forgo it for iTunes and App Store downloads. Security

Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France

Thales Data Security

Now in its 13 th year, our Global Encryption Trends Study that is performed by the Ponemon Institute reveals interesting findings that span a dozen different geographies. Below I have highlighted other key trends revealed in the 2018 France Encryption Trends Study. Encryption

Encrypted Messaging Apps Have Limitations You Should Know

WIRED Threat Level

As recent events have shown, using an encrypted messaging app like WhatsApp or Signal is no privacy panacea. Security

EFail: Encrypted Email Has a Major, Divisive Flaw

WIRED Threat Level

An attack called eFail overcomes the protections of encrypted email standards PGP and S/MIME. Security

FBI Director Calls Smartphone Encryption an ‘Urgent Public Safety Issue’

Threatpost

The debate over the government's authority to access private encrypted data on digital devices was amplified when the Federal Bureau of Investigation Director Christopher Wray called unbreakable encryption an 'urgent public safety issue.'. google iPhone 5c iPhone encryption San Bernardino smartphone encryption terrorist U.S.