Articles about Encryption

We live in an age where privacy is valued incredibly highly, but at the same time there are more and more ways for our privacy to be encroached upon. One of the most recent concerns came after the US Senate voted last week to allow ISPs to sell customers' browsing histories without consent.

Things were turned up a notch a couple of days ago when the House agreed and voted to repeal FCC-approved privacy rules. Since the result of the vote was known, there have been reports of a huge surge in interest in VPN tools, private search engines and the like, and now VPN review site The Best VPN has come up with a series of tips to help internet users maintain their privacy, and stop ISPs from getting their hands on potentially sensitive information about browsing habits.

Continue reading →

In an age of constant surveillance and eroding privacy, there is increasing interest in secure messaging platforms such as WhatsApp and Telegram. While Telegram has gained quite a following, there is one feature that users have been begging for: voice calls.

Now users' prayers have been answered. The latest update to Telegram finally heralds the arrival of secure voice calling, and it features an interesting key exchange mechanism: users need just compare four emoji. If the emoji match, the connection is secure!

Continue reading →

The UK Home Secretary Amber Rudd is today meeting with technology firms to discuss how they can help to combat terrorism. The meeting comes just days after Rudd said that encrypted messaging services such as WhatsApp should not be a "secret place to hide."

Calls for backdoors to be built into encrypted apps and services have been met with shock, derision and incredulity, but some have pointed out that the controversial Investigatory Powers Act (aka the snooper's charter) already grants the government the right to force the removal of encryption. Ahead of the Rudd's meeting, civil liberty organizations have written a letter demanding transparency.

Continue reading →

WhatsApp has been criticized for failing to help police following the revelation that Khalid Masood used the encrypted messaging service shortly before running down numerous people and stabbing a policeman to death in London last week.

The UK home secretary Amber Rudd spoke out over the weekend, saying that police and other agencies should be granted access to encrypted messages with a view to countering future terrorist attacks. Later this week, Rudd is due to meet with technology leaders to talk about how the government should be able to access messages protected by end-to-end encryption -- something already dropped from the controversial snooper's charter.

Continue reading →

When WikiLeaks' Vault 7 revelations about the spying capabilities and techniques were unleashed, there was concern about a number of popular apps and services that -- the documents suggested -- had been compromised. Included in this list are popular, secure chat apps WhatsApp and Telegram, and Check Point software has just released details of a vulnerability that left millions of user accounts exposed to hackers.

Google was recently criticized for releasing details of a security hole in Windows (and, subsequently another one in Internet Explorer and Microsoft Edge) before Microsoft had patched it. In fact, it was a third party who jumped to the rescue, issuing patches before Microsoft. This time around, however, after notification of the problems from security firm Check Point, WhatsApp and Telegram both patched the security holes within a week.

Continue reading →

Privacy and security are major concerns when it comes to life online, but a survey by Mozilla reveals that a worrying number of people do not know how to stay in control of them. The company also found that a third of people feel they have no control over their information online, with a similar number confessing to knowing "very little" about encryption.

But these are not the only concerns of internet users. Mozilla also asked about people's greatest online fears. Topping the list is "being hacked by a stranger" (a fear held by 80 percent of people), and "being tracked by advertisers" (61 percent). As well as presenting the results of its survey, Mozilla also has some important advice.

Continue reading →

After two years of research, Google has shown that it has successfully broken SHA-1 encryption. The company is yet to release details of how it achieved the first SHA-1 "collision", but has released a proof of concept.

In keeping with its own disclosure policy, details of how the encryption was effectively broken will be released after 90 days. In the meantime, you can take a look at two specially-crafted PDF files that have identical SHA-1 hashes but different content (the definition of a collision).

Continue reading →

A new survey reveals a disconnect between the security solutions organizations spend money on and the ability of those solutions to protect sensitive data.

The study from security solutions company Thales e-Security and 451 Research finds that while 30 percent of respondents classify their organizations as 'very vulnerable' or 'extremely vulnerable' to data attacks the two top spending priorities are network (62 percent) and endpoint (56 percent) protection solutions.

Continue reading →

Facebook has long-claimed that its WhatsApp messaging service is completely secure and messages cannot be intercepted thanks to its use of end-to-end encryption. But researchers have unearthed what they call a serious security flaw that makes it possible to read encrypted messages.

Based on Open Whisper Systems' Signal Protocol, the unique security keys used to implement end-to-end encryption should keep messages secure. But WhatsApp can force offline users to generate new keys and this could allow Facebook -- and third parties -- to read messages.

Continue reading →

The election of Donald Trump has alarmed privacy advocates who worry that the self-described "law-and-order" president will take a more heavy-handed approach towards issues of security and privacy. Of particular concern are fears that there will be attempts to weaken or otherwise disable the encryption that is widely used to protect sensitive data and maintain user privacy.

Based on the proposed cabinet-level nominees put forth by Trump, these fears may be well-founded.

Continue reading →

The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. The group has just published its end-of-year report summarizing months of meetings, analysis and debate.

The report makes four key observations, starting off with: "Any measure that weakens encryption works against the national interest". This is certainly not a new argument against encryption backdoors for the likes of the FBI, but it is an important one. EWG goes on to urge congress not to do anything to weaken encryption.

Continue reading →

A security vulnerability discovered in numerous Linux distros potentially puts millions of users at risk. CVE-2016-4484 (Cryptsetup Initrd root Shell) affects the Cryptsetup script that is used to unlock partitions encrypted with LUKS (Linux Unified Key Setup).

The flaw means that it is possible for a hacker to access, change or delete data on the hard drive, and it is not even necessary to have physical access to exploit the vulnerability in every circumstance. But the worrying thing is just how easy the problem is to exploit.

Continue reading →

In an effort to demonstrate how AI could be used to boost encryption, researchers at Google taught two neural networks how to communicate with one another while keeping their conversation secret from a third.

Researchers at the company's deep learning initiative, Google Brain, have successfully taught two neural networks, given the nicknames "Alice" and "Bob", to secretly communicate with one another while keeping the details of their conversations hidden from one called "Eve". Last week, the team behind this endeavor published a paper detailing the process of the experiment and its results.

Continue reading →

Despite a desire to be more connected than ever before, people are simultaneously more concerned than ever about their security and privacy. This is certainly true when it comes to messaging tools, and the privacy features offered by a particular app or service can be what sways your decision to use it one way or the other.

Justice group Amnesty International has spent some time analyzing the privacy and encryption found in a number of popular messaging tools and compiled results in a ranked list. The findings make for interesting reading, not least because Facebook is ranked the most highly.

Continue reading →

Facebook's recently rolled-out Secret Conversations heralded the arrival of not only end-to-end encryption for users, but also disappearing messages. Not to be outdone, Edward Snowden's favorite messaging service, Signal, has followed suit.

The company behind the app, Open Whisper Systems, points out that the feature is not really designed to further improve security and privacy; rather it is a way "to keep your message history tidy".

Continue reading →