Articles about Encryption

When talk turns to privacy and online anonymity, it isn’t long before Tor enters the discussion. The Tor browser has become famous for its use of .onion domains, making it easier for people to browse the web without fear of being snooped upon.

Now there is a new tool for the security-minded to play with. Tor Messenger Beta is -- as you would expect -- a chat tool that routes traffic through Tor. One thing it has in its favor right from the start is that this is not a weird proprietory app -- it can be used in conjunction with existing networks such as Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and more.

Continue reading →

The UK government is sending mixed messages about how it views privacy and security. Fears have been mounting since Prime Minister David Cameron wondered aloud "in our country, do we want to allow a means of communication between people which we cannot read?" -- his view obviously being that, no, we don’t want to allow such a thing.

Following the revelations about the spying activities of the NSA and GCHQ, public attention has been focused more than ever on privacy and encryption, Cameron having also suggested a desire to ban encryption. Today, some fears were allayed when it was announced that the government was not seeking to require software developers to build backdoors into their products. That said, the government said that companies should be able to decrypt 'targeted' data when required, and provide access to it.

Continue reading →

Security researchers have discovered that a number of Western Digital drives -- including many My Passport and My Book devices -- are blighted with serious vulnerabilities that leave encrypted data stored on them accessible by attackers. The self-encrypting drives were found to be so insecure that it was possible to recover data without the need for the relevant password.

A paper published at the end of September provides details of how some Western Digital drives are susceptible to brute force type attacks, and there are even some models which store the decryption key on the drive. Western Digital would almost certainly rather people were talking about its purchase of SanDisk, but people are more likely to be interested in the company's seemingly terrible approach to security.

Continue reading →

In a debate held on Monday, Apple’s CEO Tim Cook argued with government agencies over privacy and backdoor issues once again, stressing that a backdoor is not a good solution.

According to a Bloomberg report, he squared off with NSA Director Admiral Michael Rogers at the Wall Street Journal Digital Live technology conference in Laguna Beach, California.

Continue reading →

US President Barack Obama’s administration will no longer pursue legislation which allows the government to legally spy on its citizens, Reuters reported on Monday.

A White House spokesperson confirmed the move, announcing a change in strategy for the US government, where it will go for a more patient approach.

Continue reading →

Smartphone owners will often argue over which mobile platform is the most secure, but if you're looking for the ultimate security, you need to step away from the mainstream. Silent Circle is probably the best known off-the-beaten-track company thanks to its ultra-secure Blackphone, but now there is a new contender: the GranitePhone by SIKUR.

Just as the Blackphone 2 runs the custom-made Silent OS 2.0, so the GranitePhone is driven by Graphite OS. It's a handset aimed at not only governments and businesses looking to secure their communications and data, but also individuals who are particularly concerned about their privacy.

Continue reading →

The Obama administration has announced that it will not require companies to decrypt encrypted messages for law enforcement agencies. This is being heralded as a 'partial victory' by the Electronic Frontier Foundation; partial because, as reported by the Washington Post, the government "will not -- for now — call for [such] legislation".

This means that at the moment companies will not be forced to build backdoors into their products, but there is no guarantee that this won’t happen further down the line. The government wants to continue talks with the technology industry to find a solution, but leaving things in limbo for the time being will create a sense of unease on both sides of the debate.

Continue reading →

Security-minded computer users frequently turn to encryption to protect sensitive files. For those looking to go a step further, TrueCrypt offered full-disk encryption... at least it did until it was abandoned by its developers.

Since the software was dropped, researchers have discovered that it contains numerous security vulnerabilities, and two new flaws have been found that allow an attacker to gain elevated privileges. As part of Google's Project Zero, security researchers have been probing the encryption software -- which is still widely used -- for additional problems. The severity of the newly-discovered problems has led to renewed calls for remaining TrueCrypt users to seek an alternative.

Continue reading →

There have been countless stories about the activities of the NSA and the revelations by Edward Snowden continue. A new batch of documents leaked by the former NSA contractor show that GCHQ ran a program called Karma Police that was used to "build a web-browsing profile for every visible user on the internet".

If that sounds a little sinister, that's because it is. You would think that we might have become hardened to this sort of thing, but it is still comes as a slight surprise to learn of the extent of surveillance that has been taking place. The UK government has been building profiles of web users around the world based on their browsing histories (news, porn, social networking, and so on), monitoring email and Skype communication and more for the last seven years.

Continue reading →

The Indian government has performed a U-turn on a proposed encryption policy. Draft papers showed that the plan was to require people to store non-encryption versions of any data they have encrypted.

The draft policy was an all-encompassing one, and this led to a vocal backlash from users of social networks and messaging tools. The Indian government was forced to backtrack somewhat, making it clear that social media would be exempt and indicating that there is still a great deal of work to be done on the policy.

Continue reading →

The likes of Adam Ant and Billy Bragg are among the names backing the Free At What Cost? project. Launched by British composer Hélène Muddiman, the idea behind the campaign is to ensure that artists and content creators get a fair deal by charging for online views and listens.

The basic idea is to protect content against free viewing in an extension of the idea of simple DRM. While the logistics are still to be fully detailed, one of the proposals is to use a Bitcoin-like payment system to enables people to pay artists directly for access to their content.

Continue reading →

The fallout from the Ashley Madison hack continues. After the passwords of millions of users were stolen in a huge security breach, the encrypted database has now been cracked. A cracking group called CynoSure Prime eschewed a time-consuming brute force approach to breaking into the database, and instead exploited information revealed by a change the infidelity site made to the way it stored data.

This change effectively rendered pointless the bcrypt encryption that had been used to protect data. It was possible to dramatically speed up the cracking process so data was accessible in a matter of days rather than years. So should users of Ashley Madison be worried?

Continue reading →

Microsoft and Apple are battling the US government over the right to keep their users’ data safe, and according to a report by The New York Times, the American tech companies are winning.

At least they’re winning in the public relations game, as the general notion today is that those companies are doing everything they can to protect their users’ privacy.

Continue reading →

Despite a court order instructing the company to hand over text conversations between iMessage accounts to the FBI, Apple says that its own encryption system means it cannot do so. The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs.

Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing -- or possibly able -- to back down.

Continue reading →

The NSA is concerned that current methods of cryptography, used to encrypt data and ensure that if it does fall into the wrong hands it’s not readable or usable, are going to be woefully inadequate and easily broken when quantum computers come into play.

Of course, this isn’t going to be something that happens in the near future, as quantum computers -- which instead of bits, use qubits that can hold three states instead of the usual binary 0 or 1 -- are still merely conceptual in nature, and won’t be fully realized for many decades yet.

Continue reading →