Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption.

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

The Key to Enterprisewide Encryption

Dark Reading

Security teams have been slow to embrace enterprisewide encryption, and for good reasons. But the truth is, it doesn't have to be an all-or-nothing endeavor

The Debate Over How to Encrypt the Internet of Things

WIRED Threat Level

So-called lightweight encryption has its place. Security Security / Security NewsBut some researchers argue that more manufacturers should stick with proven methods.

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

Android Ups the Mobile Security Ante with Default TLS Encryption

Threatpost

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default. Cryptography Mobile Security Privacy Web Security Android by default certificates Encryption google HTTPS os version 9 pie required tls

The Same Old Encryption Debate Has a New Target: Facebook

WIRED Threat Level

Attorney general William Barr seems eager to reignite the encryption wars, starting with the social media giant. Security Security / Privacy

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

DHS, Philips Issue Advisories for HealthSuite Android Health App The lack of strong encryption in Philips' HealthSuite Health Android app leaves the mobile health software vulnerable to hacking, according to a new advisory issued by the medical device manufacturer and an alert from the Department of Homeland Security.

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

The Apple Mail app available on macOS stores leave s a portion of users encrypted emails in plaintext in a database called snippets. SecurityAffairs – encryption, hacking). The post Apple Mail stores parts of encrypted emails in plaintext DB appeared first on Security Affairs.

DuckDuckGo Will Automatically Encrypt More Sites You Visit

WIRED Threat Level

If a site offers HTTPS, DuckDuckGo's Smarter Encryption will take you there. Security Security / Security News

Adiantum will bring encryption on Android devices without cryptographic acceleration

Security Affairs

Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration. Google announced Adiantum , a new encryption method devised to protect Android devices without cryptographic acceleration. SecurityAffairs – Android, encryption).

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these question changes your encryption strategy.

A Plan to Stop Breaches With Dead Simple Database Encryption

WIRED Threat Level

Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches. Security Security / Security News

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Facebook Says Encrypting Messenger by Default Will Take Years

WIRED Threat Level

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Security Security / Security NewsNearly a year later, Messenger's not even close.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. Basically, each device has a unique public/private key pair and a secure processor. We know how to make backdoors, we just don't know how to secure them.

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

Schneier on Security

This is true even though encryption will impose costs on society, especially victims of other types of crime. [.]. Basically, he argues that the security value of strong encryption greatly outweighs the security value of encryption that can be bypassed.

13-Year-Old Encryption Bugs Still Haunt Apps and IoT

WIRED Threat Level

RSA encryption has been around for decades. Unfortunately, so have bad implementations that leave it less secure. Security Security / Cyberattacks and Hacks

Ryuk Ransomware evolution avoid encrypting Linux folders

Security Affairs

Experts spotted a new strain of the Ryuk Ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. Kremez noticed that the ransomware doesn’t encrypt folders that are associated with *NIX operating systems.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data.

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

Schneier on Security

At least one presidential candidate has a policy about quantum computing and encryption. One: fund quantum-resistant encryption standards. Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.).

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. Governments have legitimate law enforcement and national security interests.

Encrypted Emails on macOS Found Stored in Unprotected Way

Threatpost

Apple is investigating an issue raised by a Mac specialist discovered to be storing emails that are supposed to be S/MIME-encrypted as readable files. Vulnerabilities apple Apple Mail Data Privacy Data security database email Encryption macOS s/mime Security Siri

GDPR Compliance – Encryption

Perficient Data & Analytics

This data undergoes various actions and it is termed as ‘processed data’ Effective data protection techniques when applied to personal data, makes it secure. GDPR Compliant Encryption Methods. Standard Encryption. Standard Encryption. Symmetric Encryption.

Attorney General Barr Argues for Access to Encrypted Content

Data Breach Today

Critics Argue That Backdoors Would Create Security Risks U.S. Attorney General William Barr argued on Tuesday that enabling law enforcement to access encrypted content would only minimally increase data security risks. Barr's comments drew criticism from lawmakers and technologists, who contend backdoors would put the public at greater risk

Is Payments Industry Ready for New Encryption Protocols?

Data Breach Today

PCI-DSS Requirement Looms on June 30 New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions.

How Encryption Became the Board’s New Best Friend

Thales eSecurity

For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. While 97% of IT experts indicated they are going through some type of digital transformation, only 30% have adopted an encryption strategy. Enter encryption.

Database Encryption Key Management

Thales eSecurity

Streamlining operations and improving security. Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. Solutions for Transparent Database Encryption. Data security

How Does Encryption Work?

Productivity Bytes

The word “encryption” is synonymous with data protection, and most people are aware of its functionality in their day-to-day lives within a digital context. While these are all uses for encryption, they don’t answer the … + Read More.

The GDPR: Requirements for encryption

IT Governance

Six months since the GDPR (General Data Protection Regulation) came into force, pseudonymisation and data encryption remain the only technology measures specifically mentioned in the famously technology-agnostic Regulation. But what exactly is meant by ‘pseudonymisation’ and ‘encryption’?

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

How to Get the Most Out of Your Smartphone's Encryption

WIRED Threat Level

Both iPhones and Androids are encrypted by default. Security Security / Security AdviceBut there are steps you can take to safeguard your data on backups and messaging apps.

The Next Step in End-to-End Encryption: Introducing EncryptReduce

Thales eSecurity

This past March at RSAC 2019, Pure Storage and Thales introduced the security industry’s first end-to-end data encryption framework that realizes storage array data reduction efficiencies. Data security