Articles about Encryption

The UK Home Secretary, Amber Rudd, has admitted that she doesn't understand end-to-end encryption, but still wants to "to find the best way to combat" it anyway. Speaking at the Conservative Party conference, she said that Silicon Valley had a "moral obligation" to help fight the crime and terrorism she believes is abetted by encryption technology.

Despite having previously voiced support for back doors into systems such as WhatsApp, Rudd said she does not want such access, nor is she seeking to ban encryption. Saying "I don't need to understand how encryption works to understand how it's helping -- end-to-end encryption -- the criminals," she added that she wants technology firms to make it easier for police and security services to access encrypted data.

Continue reading →

Microsoft has revealed a major new addition to its Azure cloud platform, aimed at keeping user data safe.

The feature, called Confidential Compute, will make sure the data is being encrypted even when it’s being computed on in-memory. So far, it’s been encrypted while stored or while in transit on a network.

Continue reading →

As of August 28, certain financial services companies based in New York now have to comply with the state’s new cybersecurity requirements, known by the (very long) acronym 23 NYCRR 500. On the line for affected banks and insurers are both penalties for non-compliance and potential business loss if they continue to expose their businesses to cyber threats.

The regulations took effect March 1, but included a three-month grace period for companies to get organized before needing to meet the first wave of mandates. Companies will have ongoing deadlines over the next two years as further layers of compliance continue to take effect. Notably, affected financial services companies will need to have an encryption strategy in place by September 2018.

Continue reading →

It used to be that very privacy conscious people were viewed as being a bit paranoid. Some of these evangelists for security and privacy would speak of conspiracy theories about governments and hackers accessing your email, private data, webcam feeds, and more. Well, it turns out many of these folks weren't crazy, and their conspiracy theories were actual fact. As Edward Snowden highlighted, some governments and other organizations are out to spy on you -- both for control and profit.

Thankfully, consumers are starting to wake up and become more aware, and some companies, such as Purism, are designing products to safeguard users. The company's laptops, for instance, run an open source Linux-based operating system, called "PureOS" with a focus on privacy. These machines even have hardware "kill switches" so you can physically disconnect a webcam or Wi-Fi card. Today, Purism announces that it is taking those same design philosophies and using them to build a new $599 smartphone called Librem 5. The planned phone will use the GNOME desktop environment and PureOS by default, but users can install different distros too. Sound good? Well you can help the company build it through crowdfunding.

Continue reading →

A new survey of information security professionals carried out at last month's Black Hat conference suggests that the majority think encryption backdoors are ineffective and potentially dangerous.

The study carried out by machine identity protection company Venafi finds that 72 percent of respondents don't believe encryption backdoors would make their nations safer from terrorists.

Continue reading →

The UK government has made no secret of its desire to exert greater control over the internet, and home secretary Amber Rudd has gone as far as suggesting that encryption should be weakened -- and backdoors should be included in software -- to make it easier to carry out surveillance on terrorists.

Lord Jonathan Evans, the former chief of MI5 in the UK, acknowledged that encryption had got in the way of monitoring communication between extremists, but said this should not be used as an excuse to weaken security.

Continue reading →

Amber Rudd, the UK Home Secretary, has claimed that "real people often prefer ease of use and a multitude of features to perfect, unbreakable security." Rudd holds the Conservative government's belief that it should be able to access encrypted messages, even when end-to-end encryption is used, such as with WhatsApp.

Using terrorism as a justification for wanting to gain access to encrypted messages, she goes on make extraordinary and misguided claims about what she and the government want. Her bizarre and misinformed rant in the Daily Telegraph is deeply concerning, not only because of the implications her suggestions have on privacy, but also the lack of technical knowledge she demonstrates while making her claims and demands.

Continue reading →

According to a new study 51 percent of people don’t believe their government can protect their personal data, and nearly two-thirds (65 percent) suspect their government already abuses its powers to access the data of citizens.

Identity protection company Venafi surveyed 3,000 consumers in the US, UK and Germany about initiatives that would grant governments more access to private, encrypted data.

Continue reading →

BlackBerry has announced that it is now able to sell its secure messaging solutions to the US and Canadian governments. The news comes after the company received endorsement from the NSA's National Information Assurance Partnership for SecuSUITE for Government.

BlackBerry points out that governments have long had to contend with wiretapping and other forms of surveillance, and says that SecuSUITE for Government offers effective end-to-end encryption for voice calls and text messages.

Continue reading →

With data breaches a problem that shows no signs of going away, businesses are increasingly seeking to protect their information with encryption.

But with large volumes of information this can be time consuming and costly. To address the problem, IBM is announcing a breakthrough encryption engine that, for the first time, makes it possible to encrypt all data associated with any application, cloud service or database all the time.

Continue reading →

UK businesses are putting almost no effort into securing the data they keep on USB drives, which is not in line with what GDPR demands, potentially putting them at risk of being hit with huge fines.

That's according to data storage firm Kingston, which concluded after polling 480 employees from companies in various industries.

Continue reading →

Password management service OneLogin has fallen victim to a serious attack. The company says that it "detected unauthorized access to OneLogin data in our US data region" -- this was blocked, but not before the attacker gained access to AWS keys and the ability to decrypt data.

The company warns that "all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data." OneLogin has provided a guide for securing data, but it's possible that it may be too late for some people.

Continue reading →

Public cloud providers have ultimate control over our data, applications, and data flows on their platforms. This capability is the main cause of anxiety and a top reason for many companies to shy away from public cloud.

One of the possible solutions to the problem is to implement a "lock and key" mechanism for public clouds. This would allow re-balancing of data control. The question is whether cloud providers want that.

Continue reading →

Enterprises are accelerating their use of encryption and the strategy is being driven by business units rather than IT teams.

This is among the findings of a study into encryption habits by cyber security company Thales, based on research carried out by the Ponemon Institute. It finds that 41 percent of enterprises now have an encryption strategy in place.

Continue reading →

Last year, hacking group TheShadowBrokers released a number of NSA exploits into the wild, showing how the agency was able to exploit big-name firewalls. At the same time it also released a second cache of documents, encrypted and password protected. Now, in protest against Donald Trump, the group has released the password for the encrypted data.

TheShadowBrokers used a Medium post over the weekend to express their disgust at Trump's presidency. The documents and tools released allegedly demonstrate that the US government, through the NSA, has been actively hacking foreign government networks, and reveal an exploit for the Unix-based Solaris operating system.

Continue reading →