Security-minded computer users frequently turn to encryption to protect sensitive files. For those looking to go a step further, TrueCrypt offered full-disk encryption... at least it did until it was abandoned by its developers.
Since the software was dropped, researchers have discovered that it contains numerous security vulnerabilities, and two new flaws have been found that allow an attacker to gain elevated privileges. As part of Google's Project Zero, security researchers have been probing the encryption software -- which is still widely used -- for additional problems. The severity of the newly-discovered problems has led to renewed calls for remaining TrueCrypt users to seek an alternative.
There have been countless stories about the activities of the NSA and the revelations by Edward Snowden continue. A new batch of documents leaked by the former NSA contractor shows that GCHQ ran a program called Karma Police that was used to "build a web-browsing profile for every visible user on the internet".
If that sounds a little sinister, that's because it is. You would think that we might have become hardened to this sort of thing, but it still comes as a slight surprise to learn of the extent of surveillance that has been taking place. The UK government has been building profiles of web users around the world based on their browsing histories (news, porn, social networking, and so on), monitoring email and Skype communication and more for the last seven years.
The Indian government has performed a U-turn on a proposed encryption policy. Draft papers showed that the plan was to require people to store unencrypted versions of any data they have encrypted.
The draft policy was an all-encompassing one, and this led to a vocal backlash from users of social networks and messaging tools. The Indian government was forced to backtrack somewhat, making it clear that social media would be exempt and indicating that there is still a great deal of work to be done on the policy.
The likes of Adam Ant and Billy Bragg are among the names backing the Free At What Cost? project. Launched by British composer Hélène Muddiman, the idea behind the campaign is to ensure that artists and content creators get a fair deal by charging for online views and listens.
The basic idea is to protect content against free viewing in an extension of the idea of simple DRM. While the logistics are still to be fully detailed, one of the proposals is to use a Bitcoin-like payment system to enable people to pay artists directly for access to their content.
The fallout from the Ashley Madison hack continues. After the passwords of millions of users were stolen in a huge security breach, the encrypted database has now been cracked. A cracking group called CynoSure Prime eschewed a time-consuming brute force approach to breaking into the database, and instead exploited information revealed by a change the infidelity site made to the way it stored data.
This change effectively rendered pointless the bcrypt encryption that had been used to protect data. It was possible to dramatically speed up the cracking process so data was accessible in a matter of days rather than years. So should users of Ashley Madison be worried?
Microsoft and Apple are battling the US government over the right to keep their users’ data safe, and according to a report by The New York Times, the American tech companies are winning.
At least they’re winning in the public relations game, as the general notion today is that those companies are doing everything they can to protect their users’ privacy.
Despite a court order instructing the company to hand over text conversations between iMessage accounts to the FBI, Apple says that its own encryption system means it cannot do so. The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs.
Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing -- or possibly able -- to back down.
The NSA is concerned that current methods of cryptography, used to encrypt data and ensure that if it does fall into the wrong hands it’s not readable or usable, are going to be woefully inadequate and easily broken when quantum computers come into play.
Of course, this isn’t going to be something that happens in the near future, as quantum computers -- which, instead of bits, use qubits that can hold three states instead of the usual binary 0 or 1 -- are still merely conceptual in nature, and won’t be fully realized for many decades yet.
Security professionals are naturally concerned with protecting sensitive data within their organization and elsewhere, particularly given the increasing numbers of threats.
A new survey of more than 100 information security professionals by data security specialist Vormetric and risk management research organization IANS reveals that 84 percent of respondents had considered a security strategy of encrypting all their sensitive data.
A lot of security systems are based on random numbers, prime numbers, or a combination of the two. But generating random numbers is not as random as you might expect -- or hope -- and it relies on sources of broadly random data that can be used as a starting point. The problem is that these sources of data are not large enough.
The entropy of data generated by Linux servers -- which are the backbone of much of the internet -- is, says security expert Bruce Potter, too low. Speaking at Black Hat USA 2015 -- an event which has already seen the unveiling of the Thunderstrike 2 firmware malware and the Stagefright-beating Certifi-Gate Android vulnerability -- Potter warns that the low entropy problem means that seemingly random numbers could in fact be easier to guess or crack than first thought.
The security of mobile communications is of paramount importance to many people, but it is particularly high on the list of priorities for business and enterprise customers. Silent Circle is a company that caters to those concerned with privacy and security, billing its work as the 'world's first enterprise privacy platform'.
The company's original Blackphone generated some interest, and earlier in the year we learned about the follow-up -- the Blackphone 2. Kitted out with a customized version of Android, the security-focused handset is the latest addition to Android for Work, Google's own security-focused program.
VeriFyle, the company headed by Hotmail inventor and co-founder Jack Smith, has a new encryption key management technology which it believes will "re-invent how the world thinks about secure sharing and messaging". The major difference is that any object that is shared to the cloud using the system is encrypted for individual users rather than in bulk.
Cellucrypt offers such a high level of security that VeriFyle believes that it "makes illicit bulk-access to customer data virtually impossible." It's a bold claim, but Cellucrypt builds on the traditional public-key system with the addition of password-derived keys.
In light of the recent news that the UK government is pushing harder for legislation that would allow it to monitor all digital communications, and ban those apps that use encryption, a huge debate has been sparked over whether the government should be allowed to do this or not.
Professor of Law at the London School of Economics, Andrew Murray, has had his say on the matter in a Huffington Post article, arguing that banning communications apps to curb the work of terrorist groups would be similar to banning cars in order to stop terrorists from using them.
Following a massive security breach, Italian security firm Hacking Team warned that its government-strength surveillance tools could have fallen into the hands of terrorists. The company advised its customers -- including governments and law agencies around the world -- to stop using its software, and is now launching something of a damage-limitation exercise.
Hacking Team has released a statement indicating that far from giving up and admitting defeat, a new, more powerful version of its software will be released soon. The replacement for Galileo, called Remote Control System 10, is described as a "complete revision" of the old system and "not simply an update". The security firm also stresses that not all of its source code was compromised, only code which is considered obsolete.
Adding backdoors so governments can access data is a "major security risk". This is the (perhaps slightly obvious) conclusion of security experts and cryptographers writing in a report entitled Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications.
The report from the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Lab criticizes plans to allow law enforcement agencies unfettered access to encrypted data through the use of either front doors or backdoors. More importantly it poses the question: "if we want to maintain the security of user information, is this sort of access even technically possible?"