Articles about encryption

EU: No encryption backdoors but, eh, let's help each other crack that crypto, oui? Ja?

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding …
Rebecca Hill, 19 Oct 2017
sad kids

Hackers can track, spoof locations and listen in on kids' smartwatches

Tests on smartwatches for children by security firm Mnemonic and the Norwegian Consumer Council have revealed them to be riddled with flaws. The Oslo-based company teamed up with the trading standards body to investigate several smartwatches aimed at kids, specifically the Xplora (and associated mobile application Xplora T1), …
John Leyden, 18 Oct 2017

Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms. In short, Infineon TPMs – aka trusted platform modules – are used in countless computers and gadgets to generate RSA …
John Leyden, 16 Oct 2017
Wi-fi symbol made out of clouds. Photo by Shutterstock

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Updated Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol. So-called Key Reinstallation Attacks, aka KRACK, potentially work against all modern protected Wi-Fi networks. …
John Leyden, 16 Oct 2017
FACEPALM

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

It's 4PM on Friday, almost time to log off and, oh look, Disqus says it's been hacked

Disqus, the developer of website comment systems used worldwide, is playing the old "bury bad news late on a Friday" card – as it just confessed one of its databases was swiped by hackers. The software maker, which produces reader comment boards for blogs and newspapers everywhere, admitted at 4pm Pacific Time, Friday, that a …
Shaun Nichols, 6 Oct 2017
Keybase.io encrypted git screenshot

Keybase Git gets keys, basically: Secure chat app encrypts your repos

Keybase.io, which began as a cloud key database and has since evolved into a secure messaging and collaboration service, on Wednesday added support for encrypted Git repositories. Git, a version control system widely used for managing source code, doesn't encrypt files stored in Git repositories. It can, however, be used in …
An inspector in a white hat

Open your doors to white hats before black hats blow them off, US deputy AG urges big biz

The second-in-command at the US Department of Justice says every business should have its own program to let third-party researchers find and report bugs. Speaking at the Cambridge Cyber Summit in Boston today, Deputy Attorney General Rod Rosenstein said bug bounty and white-hat research programs will help companies avoid …
Shaun Nichols, 4 Oct 2017

Home Sec Amber Rudd: Yeah, I don't understand encryption. So what?

UK Home Secretary Amber Rudd has once again demonstrated she does not know how encryption works, this time by explicitly admitting it to delegates at a Tory party fringe conference where she also hit out at "patronising" techies that "sneered" at politicians. Speaking at a Spectator event, Rudd said: "It's so easy to be …
Kat Hall, 3 Oct 2017
SmartThings hub and devices

Insteon and Wink home hubs appear to have a problem with encryption

Security researchers have discovered that two popular home automation systems are vulnerable to attacks. The Insteon Hub and Wink Hub 2 are designed to connect various home products and manage automation, and the flaws represent another entry in the growing catalogue of IoT security shortcomings. Rapid7 discovered two …
John Leyden, 25 Sep 2017

NBD: Adobe just dumped its private PGP key on the internet

Updated An absent-minded security staffer just accidentally leaked Adobe's private PGP key onto the internet. The disclosure was spotted by security researcher Juho Nurminen – who found the key on the Photoshop giant's Product Security Incident Response Team blog, ironically. That contact page should have only included the public PGP …
Shaun Nichols, 22 Sep 2017
Crypto fingers

Microsoft pitches encrypted Azure to keep cloud data secret

Microsoft has a unveiled a set of services it hopes will alleviate security concerns with its public cloud service. Known as Azure Confidential Computing, the service is currently in an early access test and aims to provide security for cloud data while it is in use by cloud applications. The idea, says Microsoft, is to keep …
Shaun Nichols, 14 Sep 2017

'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption

The UK’s “independent reviewer of terrorism legislation” appears to have gone rogue, saying that encryption should be withheld from people who don’t verify their identities on social media. Max Hill QC is supposedly the reviewer of government laws designed to stop terrorists. His latest statement, carried in tonight’s London …

Deputy AG Rosenstein calls for law to require encryption backdoors

The deputy US Attorney General said he wants legislators to force technology companies to decrypt people's private conversations. Rod Rosenstein on Wednesday told a crowd of over 600 police officers that software developers should be required by law to unscrambled end-to-end encrypted chatter on demand – and if the engineers …
Shaun Nichols, 31 Aug 2017

Macie slay: AWS touts S3 patrol bots to kill data-slurping hackers

AWS kicked off its New York City summit with a handful of announcements on Monday. Among the new stuff available from Amazon's cloud is a tool that tries to stop leaks of sensitive information – such as people's personal records – along with a file migration and indexing utility, and a configuration and key management system. …
Shaun Nichols, 14 Aug 2017
Silhouette of spy discerning password from code uses a command on graphic user interface

Good Lord: Former UK spy boss backs crypto

A former boss at UK domestic spy arm MI5 has cautioned against a crackdown on encrypted messaging apps. Lord Evans, who retired in 2013, told BBC Radio 4’s Today programme (link here) that he did not support encryption restrictions despite acknowledging cryptography had been an obstacle in investigating terrorist cases, saying …
John Leyden, 11 Aug 2017
Spy hides in dustbin, lifts lid to take photograph

'Real' people want govts to spy on them, argues UK Home Secretary

Analysis UK Home Secretary Amber Rudd kicked off a firestorm in the tech community Tuesday when she argued that "real people" don't need or use end-to-end encryption. In an article in the Daily Telegraph timed to coincide with Rudd's appearance at a closed event in San Francisco, Rudd argued: "Real people often prefer ease of use and a …

Look out Silicon Valley, here comes Brit bruiser Amber Rudd to lay down the (cyber) law

Executives at Facebook, Google and other terrorist-enabling online services are said to be quaking in their boots as UK Home Secretary Amber Rudd swoops into Silicon Valley this week to read them the riot act. Rudd has been a frequent critic of social media giants, particularly after the murders in London and Manchester, and …
Kieren McCarthy, 31 Jul 2017

Create a news alert about encryption, or find more stories about encryption.

Biting the hand that feeds IT © 1998–2017