U.S. government embraces HTTPS

When it comes to the web, you expect U.S. Government sites to be very secure. Hell, with all of the money we taxpayers pay, the websites should be the most secure in the world. Unfortunately, this is not the case. You see, not only are many .gov websites not secure, they do not even universally use HTTPS. In other words, there are shopping sites more secure than those of the most powerful nation in the world.

Today, however, this changes. Barack Obama's White House has completed a new standard that all U.S. government websites will be forced to follow. While it is embarrassing that this is only happening in 2015, it is better late than never.

Tim Cook lashes out at the government, Facebook and Google over privacy

We live in an age where people are more concerned about and more aware of privacy issues than ever before. Speaking at the EPIC Champions of Freedom event in Washington, DC, Apple CEO Tim Cook criticized the government for seeking to implement backdoors into encryption techniques. He also hit out at Google and Facebook with their ad-dependent business models for infringing upon privacy.

He said that Apple wants to be different, saying: "We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it". Cook was at pains to stress that Apple should be viewed differently to other companies, assuring people that -- unlike others -- the company "doesn’t want your data".

Facebook adds support for OpenPGP email encryption

Facebook can send out quite a lot of emails to its users in the course of an average day. Notifications can fly in thick and fast letting you know about friend requests, replies to your posts, messages from contacts, and the like, and it's possible -- nay likely -- that these will contain delicate personal information.

To help calm the fear of those with privacy concerns ("why are they using Facebook?", you might well ask) Facebook today announces the introduction of OpenPGP encryption support. This gives users the opportunity to protect communication from Facebook by encrypting it so it cannot be read by unauthorized parties.

Microsoft's VC3 security is encryption for the cloud

The inexorable move towards the cloud continues apace, and something that remains a key concern is security. Microsoft thinks it may have come up with a solution in the form of Verifiable Confidential Cloud Computing, or VC3, which has been designed to keep cloud data encrypted and secure even when the data is being used to perform calculations.

Described as a "lockbox in the cloud", VC3 keeps data protected by using secure, managed hardware to perform any necessary decryption. Encrypted data is transferred to VC3-managed cloud hardware where it is then decrypted, used in calculations, and then re-encrypted.

Buffalo announces rugged MiniStation Extreme NFC USB 3.0 hard drive

While many people focus on speed and capacity when buying storage devices, an often overlooked aspect is security. Of course, not everything necessarily needs to be encrypted and protected; while Aunt Edith's recipes and your family reunion photos are valuable to you, they aren't exactly the target of hackers or rogue government nations.

If you do need to encrypt and protect files, however, there are many options available to you. Today, Buffalo announces a unique drive, which offers NFC to securely access the hardware-encrypted drive. Rather than using biometrics or a password, an NFC smart card is all you need to unlock the rugged, water and dust resistant, military-grade MiniStation Extreme NFC USB 3.0 hard drive.

TrueCrypt doesn't contain NSA backdoors

A security audit of TrueCrypt has determined that the disk encryption software does not contain any backdoors that could be used by the NSA or other surveillance agencies. A report prepared by the NCC Group for the Open Crypto Audit Project found that the encryption tool is not vulnerable to being compromised.

However, the software was found to contain a few other security vulnerabilities, including one relating to the use of the Windows API to generate random numbers for master encryption key material. Despite this, TrueCrypt was given a relatively clean bill of health with none of the detected vulnerabilities considered severe enough to lead "to a complete bypass of confidentiality in common usage scenarios".

The FBI wants your computer and mobile to be insecure

You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.

Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2, it appears that the bureau wants your data, and you, to be insecure.

Slack is tardy to the two-factor authentication party

Following a four-day long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers although there is no indication that hashed passwords were decrypted.

Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available which locks down accounts via the Android, iOS and Windows Phone apps.

New SDK aims to make protecting mobile apps easier

Illinois-based Zebra Technologies Corporation acquired Motorola Solutions' Enterprise business in late 2014 and is now announcing one of the first fruits of that link up.

Enterprise app development platform RhoMobile -- part of the MSE acquisition -- is launching a new independent software vendor (ISV)-targeted SDK through Digital Defence. Its aim is to make the task of protecting mobile applications more developer-friendly.

Yahoo introduces On-demand passwords and demoes end-to-end-encryption

The idea of forgetting the password for your email account might seem odd, but it happens. You might be one of those people who signed up for a Yahoo email address years ago, moved on to something better, and now only check in every few months to see if you've missed anything.

To combat the problem of forgotten passwords, Yahoo is introducing a new feature called On-demand passwords. There's no need to battle through the process of answering security questions to reset your password when you forget it; now you can create a temporary password that gets sent to your phone.

CryptoLocker-like ransomware, Teslacrypt, targets gamers

Ransomware is one of the latest tactics used by cybercriminals to extract money from victims. CryptoLocker hit the headlines last year, encrypting the files on infected machines until a ransom was paid. Now the same idea has spread to the world of gaming thanks to Teslacrypt.

Teslacrypt works in much the same way as CryptoLocker, but its raison d'etre is to seek out game saves and download content for dozens of popular titles and hold them to ransom. Until victims cough up $500 in Bitcoins, or make a $1,000 PayPal payment, there is no way to access the games.

Blackphone 2 caters to the enterprise, the security-minded and the paranoid

Yep, we know all about the NSA, thanks Edward. Yeah, it's possible (probable?) that a government agent somewhere is listening to or recording your conversations. And yes, even if you're not one of the tin-foil hat brigade, there's a danger that someone could tap into your phone. But you don’t have to be paranoid to want security; there are plenty of companies and enterprise customers for whom security is of the utmost importance.

While much of the news coming out of MWC 2015 has been dominated by Microsoft's Lumia 640, the Samsung Galaxy S6 Edge, and tablets from Sony, there's always room for something a little different. Following on from the security-focused Blackphone, Silent Circle used the Barcelona event to announce the follow-up -- the Blackphone 2.

US firms don't want to hand over source code and provide backdoors to Chinese government

Technology firms in the US have written to the Chinese government asking for a postponement to the introduction of rules that would oblige companies to hand over source code as well as providing backdoors into hardware and security products sold to Chinese banks. A group of companies wrote to the Communist Party committee on cybersecurity to express disapproval at plans to undercut the requirements later in the year.

China says that it is concerned solely with cybersecurity and wants foreign technology companies to submit to audits in addition to complying with the other demands. Outside China, the feeling is that the proposed regulations have been designed to either control outside business, or to scare companies out of the market, opening the way for Chinese firms.

Electronic Frontier Foundation finds Skype, WhatsApp and more are disappointingly insecure

Secure communication is something we all crave online, particularly after Edward Snowden's NSA revelations increased public interest in privacy and security. With dozens of messaging tools to choose from, many claiming to be ultra-secure, it can be difficult to know which one to choose and which one to trust. Electronic Frontier Foundation (EFF) has published its Secure Messaging Scorecard which rates a number of apps and services according to the level of security they offer.

It's a fairly exhaustive list that includes numerous well-known names, as well as several more niche products. What is concerning, however, is that many of the most popular tools -- WhatsApp, Yahoo Messenger, Skype, SnapChat, and Facebook chat -- received very low ratings for failing to protect users and their communication data.

Revealed: the secret guide to encryption, hacking, and surveillance for governments

There is now great interest in the level of governmental interference that takes place into online activity. Edward Snowden told the world about what the NSA was up to and there are now numerous websites dealing with the revelation that he made. One such site is The Intercept, and it has just published the secret manuals that are supplied to governments who want to use a suite of specialist tools to monitor web users' activities.

Sub-titled "the hacking suite for governmental interception", RCS 9 (or Remote Control System) is a suite of tools from Hacking Team. The Italian security and surveillance company is responsible for providing hacking and monitoring guides and software to a list of countries including Colombia, Korea, Mexico, Nigeria, and Saudi Arabia. RCS itself is "a solution designed to evade encryption" -- the sort of encryption put in place by Google.
