Expert insights. Personalized for you.
Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. MORE
Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here. MORE
81 
MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. authentication cryptography encryption hacking keys MORE
versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption. The vulnerability could be exploited by attackers to overwrite or lower the strength of the pairing key, defeating the protocol encryption. Bluetooth 4.0 through 5.0 MORE
The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security MORE
government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement. Government Newsmaker Interviews Videos apple backdoor EARN IT Encryption FBI government Lawful Access to Encrypted Data ActThe U.S. MORE
Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform. MORE
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Cloud Security Vulnerabilities Web Security coronavirus COVID-19 E2EE Encryption End to end encryption Pandemic remote work Security transport layer security encryption video conferencing security zoom zoom meeting Zoom-bombing MORE
The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security MORE
Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption. MORE
The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website. certificates encryption vulnerabilities MORE
New research has dug into the openings that iOS and Android security provide for anyone with the right tools. Security Security / Privacy MORE
academicpapers algorithms backdoors cryptanalysis cryptography encryption hashes russiaA pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014. MORE
The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches MORE
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature. MORE
From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data. cryptography encryption google MORE
Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls. MORE
Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. SecurityAffairs – hacking, encryption). MORE
National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S. MORE
The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C. MORE
Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps. Experts offer insights on making the right moves MORE
Stolen Laptop Contained Patient Data on Thousands Just when you thought the days of big data breaches tied to stolen unencrypted laptops were over comes news of an incident in Oregon affecting hundreds of thousands. What happened this time MORE
The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors. MORE
Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions MORE
As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging. MORE
US, UK and Australia Push for Law Enforcement Access Facebook is falling under renewed pressure for its plans to make its messaging platforms fully encrypted. The U.S., and Australia are asking Facebook to ensure law enforcement can access messages MORE
Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it. MORE
Many Vendors of Illegal Drugs, Weapons, Hacking Tools Prefer Markets With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? But encrypted apps have their own downsides They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. MORE
Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S. sailors at a military base in Pensacola, Florida, the Justice Department continues to criticize Apple's refusal to offer law enforcement a backdoor to its encrypted devices MORE
After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year MORE
Romanians Allegedly Ran 'CyberSeal,' 'Dataprotector' and 'Cyberscan' Services Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools MORE
170 Learn How To Run Deep SSL Inspection For Encrypted Traffic. View this webinar OnDemand and learn how you can run deep SSL inspection for encrypted traffic MORE
115 Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. cybersecurity encryption securityengineering twofactorauthentication videoconferencingThis is a change; I wrote about the initial decision here.).we we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. MORE
Best practices for a shifting visibility landscape MORE
German and US Intelligence Reportedly Used Company's Equipment to Spy on 100 Countries Intelligence agencies in the United States and West Germany secretly owned a controlling stake in Swiss firm Crypto AG for decades and used their access to the company's encrypted communications equipment to spy on over 100 countries, including friends and foes alike, according to news reports MORE
Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline. MORE
The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” With E2EE, users will be able to generate individual encryption keys and use them to protect voice or video calls with encryption protecting them from eavesdropping. MORE
Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm. Both are ways of weakening encryption. backdoors encryption g7 hacking keyescrow keys lawenforcement terrorism MORE
I’ve signed onto a letter to the European Commission on end to end encrypted communications. Software Engineering MORE
Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol MORE
Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software MORE
Encryption Related Topics Data Breach Today
JANUARY 6, 2021
National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.
Data Breach Today
JANUARY 15, 2021
Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
NOVEMBER 20, 2020
Romanians Allegedly Ran 'CyberSeal,' 'Dataprotector' and 'Cyberscan' Services Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools
Data Breach Today
JULY 27, 2020
Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline.
Schneier on Security
MARCH 4, 2020
The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website. certificates encryption vulnerabilities
eSecurity Planet
NOVEMBER 25, 2020
Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions
Schneier on Security
AUGUST 12, 2020
Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here.
WIRED Threat Level
NOVEMBER 29, 2020
As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.
Data Breach Today
DECEMBER 7, 2018
Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software
Data Breach Today
JULY 5, 2019
The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security
Data Breach Today
APRIL 6, 2020
Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.
Threatpost
OCTOBER 15, 2020
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Cloud Security Vulnerabilities Web Security coronavirus COVID-19 E2EE Encryption End to end encryption Pandemic remote work Security transport layer security encryption video conferencing security zoom zoom meeting Zoom-bombing
Threatpost
JULY 27, 2020
government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement. Government Newsmaker Interviews Videos apple backdoor EARN IT Encryption FBI government Lawful Access to Encrypted Data ActThe U.S.
Data Breach Today
JULY 26, 2019
The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches
Data Breach Today
OCTOBER 4, 2019
US, UK and Australia Push for Law Enforcement Access Facebook is falling under renewed pressure for its plans to make its messaging platforms fully encrypted. The U.S., and Australia are asking Facebook to ensure law enforcement can access messages
Data Breach Today
JULY 2, 2020
Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol
Data Breach Today
JUNE 19, 2020
Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.
Adam Shostack
NOVEMBER 22, 2020
I’ve signed onto a letter to the European Commission on end to end encrypted communications. Software Engineering
Data Breach Today
JUNE 11, 2020
Learn How To Run Deep SSL Inspection For Encrypted Traffic. View this webinar OnDemand and learn how you can run deep SSL inspection for encrypted traffic
Threatpost
OCTOBER 14, 2020
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.
Data Breach Today
SEPTEMBER 25, 2020
Many Vendors of Illegal Drugs, Weapons, Hacking Tools Prefer Markets With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? But encrypted apps have their own downsides They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration.
Threatpost
AUGUST 13, 2020
The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C.
WIRED Threat Level
JANUARY 13, 2021
New research has dug into the openings that iOS and Android security provide for anyone with the right tools. Security Security / Privacy
Schneier on Security
JULY 2, 2019
From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data. cryptography encryption google
Data Breach Today
MAY 19, 2020
Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S. sailors at a military base in Pensacola, Florida, the Justice Department continues to criticize Apple's refusal to offer law enforcement a backdoor to its encrypted devices
Schneier on Security
JUNE 26, 2019
MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. authentication cryptography encryption hacking keys
Dark Reading
JANUARY 19, 2021
Best practices for a shifting visibility landscape
Schneier on Security
NOVEMBER 6, 2018
Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.
Data Breach Today
JANUARY 8, 2019
Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps. Experts offer insights on making the right moves
Threatpost
JUNE 24, 2020
The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security
Security Affairs
OCTOBER 15, 2020
The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” With E2EE, users will be able to generate individual encryption keys and use them to protect voice or video calls with encryption protecting them from eavesdropping.
Schneier on Security
MARCH 1, 2019
Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it.
Data Breach Today
SEPTEMBER 17, 2019
After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year
Data Breach Today
FEBRUARY 12, 2020
German and US Intelligence Reportedly Used Company's Equipment to Spy on 100 Countries Intelligence agencies in the United States and West Germany secretly owned a controlling stake in Swiss firm Crypto AG for decades and used their access to the company's encrypted communications equipment to spy on over 100 countries, including friends and foes alike, according to news reports
Schneier on Security
JUNE 17, 2020
Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. cybersecurity encryption securityengineering twofactorauthentication videoconferencingThis is a change; I wrote about the initial decision here.).we we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform.
Security Affairs
OCTOBER 13, 2020
Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. SecurityAffairs – hacking, encryption).
Data Breach Today
FEBRUARY 6, 2020
Stolen Laptop Contained Patient Data on Thousands Just when you thought the days of big data breaches tied to stolen unencrypted laptops were over comes news of an incident in Oregon affecting hundreds of thousands. What happened this time
Security Affairs
SEPTEMBER 10, 2020
versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption. The vulnerability could be exploited by attackers to overwrite or lower the strength of the pairing key, defeating the protocol encryption. Bluetooth 4.0 through 5.0
Schneier on Security
MAY 10, 2019
academicpapers algorithms backdoors cryptanalysis cryptography encryption hashes russiaA pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.
Schneier on Security
APRIL 23, 2019
Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm. Both are ways of weakening encryption. backdoors encryption g7 hacking keyescrow keys lawenforcement terrorism
Let's personalize your content