Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications.

Facebook Pressured Over Encrypted Messaging Plans

Data Breach Today

US, UK and Australia Push for Law Enforcement Access Facebook is falling under renewed pressure for its plans to make its messaging platforms fully encrypted.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption.

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. cryptography encryption google

Let's Encrypt: We Won't Revoke All Certificates Right Now

Data Breach Today

Mass Revocation Will Bring Too Much Concern, Project Says Let's Encrypt is going to take a softer approach to resolving the impacts from a bug in its systems that issues free TLS certificates.

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole.

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

CIA Secretly Owned Swiss Encryption Firm for Years: Reports

Data Breach Today

Report: Apple Scuttled Encryption Plans for iCloud Backups

Data Breach Today

Technology Giant Didn't Want to 'Poke the Bear,' Sources Tell Reuters Apple previously scuttled plans add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations.

The Key to Enterprisewide Encryption

Dark Reading

Security teams have been slow to embrace enterprisewide encryption, and for good reasons. But the truth is, it doesn't have to be an all-or-nothing endeavor

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

academicpapers algorithms backdoors cryptanalysis cryptography encryption hashes russiaA pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor.

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

German SG-41 Encryption Machine Up for Auction

Schneier on Security

cryptography encryption germany historyofcryptographyA German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Hack Breaks PDF Encryption, Opens Content to Attackers

Threatpost

PDFex can bypass encryption and password protection in most PDF readers and online validation services. Hacks Vulnerabilities Adobe Acrobat chrome Encryption Firefox password protection Passwords PDF PDF files PDFex public key encryption

Tech Industry Pushes for Australian Encryption Law Changes

Data Breach Today

Senate Committee Reviewing Law With an Eye to Amend Technology organizations say Australia's anti-encryption law passed in December is already undermining trust in their local operations.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm.

IBM Announce Quantum Safe Encryption

Dark Reading

Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption

IBM Announces Quantum Safe Encryption

Dark Reading

Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

DHS, Philips Issue Advisories for HealthSuite Android Health App The lack of strong encryption in Philips' HealthSuite Health Android app leaves the mobile health software vulnerable to hacking, according to a new advisory issued by the medical device manufacturer and an alert from the Department of Homeland Security.

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these question changes your encryption strategy.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. “Let’s Encrypt found a bug in our CAA code. ” reads the advisory published by Let’s Encrypt.

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

Schneier on Security

At least one presidential candidate has a policy about quantum computing and encryption. One: fund quantum-resistant encryption standards. blockchain cryptography encryption nationalsecuritypolicy quantumcomputing

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. backdoors encryption keyescrow nationalsecuritypolicy vulnerabilities

Intel Patches Firmware Flaw That Leaks ME Encryption Keys

Data Breach Today

It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. Researcher Finds Intel's Previous Management Engine Patches Weren't Foolproof Intel has had a challenging time of late on the vulnerability front.

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

Schneier on Security

This is true even though encryption will impose costs on society, especially victims of other types of crime. [.]. Basically, he argues that the security value of strong encryption greatly outweighs the security value of encryption that can be bypassed.

The Debate Over How to Encrypt the Internet of Things

WIRED Threat Level

So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods. Security Security / Security News

FBI: Encryption Blocked Access to 7,800 Devices

Data Breach Today

Director Calls For 'Responsible' Solution That's Not a Backdoor FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement.

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

Encryption is a cornerstone of digital commerce. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it. PKI is the authentication and encryption framework on which the Internet is built.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

The Apple Mail app available on macOS stores leave s a portion of users encrypted emails in plaintext in a database called snippets. SecurityAffairs – encryption, hacking). The post Apple Mail stores parts of encrypted emails in plaintext DB appeared first on Security Affairs.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

The Same Old Encryption Debate Has a New Target: Facebook

WIRED Threat Level

Attorney general William Barr seems eager to reignite the encryption wars, starting with the social media giant. Security Security / Privacy