Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

European Police Hack Encrypted Communication System

Data Breach Today

Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown: European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol


Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures: Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error: Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

OnDemand Webinar | Protect Your Network From Encrypted Threats

Data Breach Today

Learn How To Run Deep SSL Inspection For Encrypted Traffic. View this webinar OnDemand and learn how you can run deep SSL inspection for encrypted traffic

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications.

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts.

Facebook Pressured Over Encrypted Messaging Plans

Data Breach Today

US, UK and Australia Push for Law Enforcement Access: Facebook is falling under renewed pressure for its plans to make its messaging platforms fully encrypted.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption.

Zoom Will Be End-to-End Encrypted for All Users

Schneier on Security

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption: Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article: Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in.

CIA Secretly Owned Swiss Encryption Firm for Years: Reports

Data Breach Today

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

Threatpost


MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient.

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale: The Canadian government has arrested a senior intelligence official on charges of working as a mole.

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data: The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Breach Report: Sometimes, Encryption Is Still Overlooked

Data Breach Today

Stolen Laptop Contained Patient Data on Thousands: Just when you thought the days of big data breaches tied to stolen unencrypted laptops were over comes news of an incident in Oregon affecting hundreds of thousands. What happened this time

Zoom Restricts End-to-End Encryption to Paid Users

Threatpost

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement.

Encryption Utility Firm Accused of Bundling Malware Functions in Product

Threatpost

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson.

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files.

Let's Encrypt: We Won't Revoke All Certificates Right Now

Data Breach Today

Mass Revocation Will Bring Too Much Concern, Project Says: Let's Encrypt is going to take a softer approach to resolving the impacts from a bug in its systems that issues free TLS certificates.

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor.

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

Report: Apple Scuttled Encryption Plans for iCloud Backups

Data Breach Today

Technology Giant Didn't Want to 'Poke the Bear,' Sources Tell Reuters: Apple previously scuttled plans to add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm.

Tech Industry Pushes for Australian Encryption Law Changes

Data Breach Today

Senate Committee Reviewing Law With an Eye to Amend: Technology organizations say Australia's anti-encryption law passed in December is already undermining trust in their local operations.

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

IBM has released open-source toolkits implementing fully homomorphic encryption (FHE) that allow researchers to process data while it’s still encrypted. “Your model would benefit from this superset of encrypted data without individual parties making their data public.”

Another Story of Bad 1970s Encryption

Schneier on Security

The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. Philips, together with Siemens, built an encryption machine in the late 1970s.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

DHS, Philips Issue Advisories for HealthSuite Android Health App: The lack of strong encryption in Philips' HealthSuite Health Android app leaves the mobile health software vulnerable to hacking, according to a new advisory issued by the medical device manufacturer and an alert from the Department of Homeland Security.

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

Threatpost

The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Top Full Disk Encryption Software Products

eSecurity Planet

Full disk encryption is a critical part of IT security. Here are the top disk encryption tools to choose from

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these questions changes your encryption strategy.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

German SG-41 Encryption Machine Up for Auction

Schneier on Security

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Hack Breaks PDF Encryption, Opens Content to Attackers

Threatpost

PDFex can bypass encryption and password protection in most PDF readers and online validation services.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.