Articles about encryption

Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses. The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam's …
Shaun Nichols, 20 Jul 2018

In non-startling news, EFF says STARTTLS email crypto is mostly done wrong

Having successfully pushed for universal HTTPS Web encryption, the Electronic Frontier Foundation's next protocol push is for “STARTTLS Everywhere”. It's testament to system administrator inertia that a protocol first published in 2002 and available in all major e-mail clients and servers is still not everybody's default. By …

Hardened Azure logins, softened containers, leaky encrypted images on Macs – and more

Roundup This week you had to deal with AI security panic, fake Fortnite, and, if you use OpenBSD, the end of Intel HyperThread support. Here are a few more bits of security news that you might have missed. Ready or not, here comes two-factor Azure log-in: Microsoft is going to get its customers using best practices, even if it has to …
Shaun Nichols, 23 Jun 2018

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. This bug is an incomplete regex in GnuPG's signature …

Quantum cryptography demo shows no need for ritzy new infrastructure

Telefónica and Huawei have carried out a successful field trial of quantum cryptography on commercial optical networks. Other teams, notably Toshiba Research and Cambridge University Engineering Department, have made great strides in Quantum Key Distribution (QKD), a technology that promises unprecedented secrecy. While …
John Leyden, 14 Jun 2018

In World Cup Russia, our Wi-Fi networks will log on to you!

The upcoming soccer World Cup will present no shortage of security dangers for travelers looking to get online in the host cities. Security house Kaspersky Lab said its researchers looked at 32,000 public Wi-Fi hotspots in the 11 Russian cities hosting the World Cup this year and found that one in five are using no protection …
Shaun Nichols, 6 Jun 2018

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

Updated German researchers reckon they have devised a method to thwart the security mechanisms AMD's Epyc server chips use to automatically encrypt virtual machines in memory. So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP or HTTPS requests. AMD's data-center …
Shaun Nichols, 25 May 2018

Zimmerman and friends: 'Are you listening? PGP is not broken'

ProtonMail has weighed into 2018's worst branded-bug PR disaster, EFAIL, with a simple statement: “PGP is not broken”. The discoverers of the bug in e-mail client encryption implementations started the ball rolling ahead of their disclosure in the middle of this month. Münster University professor Sebastian Schinzel started …

FBI's flawed phone tally blamed on programming error. 7,800 unbreakable mobes? Er, um...

The FBI apparently gilded the lily in its long campaign against consumer cryptography, telling the world it held more locked phones than it did. At issue is the Feds' claim that it has seized 7,000 phones it can't crack because they're encrypted. FBI boss Christopher Wray upped the ante in December 2017, telling a …

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats

Security researchers have gone public with vulnerabilities in some secure mail apps that can be exploited by miscreants to decrypt intercepted PGP-encrypted messages. The flaws, collectively dubbed EFAIL, are present in the way some email clients handle PGP and S/MIME encrypted messages. By taking advantage of the way the …
Shaun Nichols, 14 May 2018

Wah, encryption makes policing hard, cries UK's National Crime Agency

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according to the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain. "Since 2010, communication service providers have migrated to encrypted services 'by default', a process that accelerated …
Kat Hall, 14 May 2018

PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor

Updated A professor of Computer Security at the Münster University of Applied Sciences has warned that popular email encryption tool Pretty Good Privacy (PGP) might actually allow Pretty Grievous P0wnage thanks to bugs that can allow supposedly encrypted emails to be read as plaintext. Professor Sebastian Schinzel took to Twitter …
Simon Sharwood, 14 May 2018

New law would stop Feds from demanding encryption backdoor

US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares. The bill, known as the Secure Data Act of 2018, was returned to the US House of Representatives by …
Thomas Claburn, 10 May 2018

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

Analysis Those who cannot remember the past are condemned to repeat it, particularly if forgetfulness promises profit. Ray Ozzie, former CTO of Microsoft and the designer of Lotus Notes, is old enough to recall the battle over the Clipper chip, an ill-fated NSA-backed effort from 1993 through 1996 to require a US-government-accessible …
Thomas Claburn, 27 Apr 2018

ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying

Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behavior. The "Simon" and "Speck" cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a …
Kieren McCarthy, 25 Apr 2018

Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts

Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. And because this particular bit of kit resides amid sensitive gray matter – to treat conditions like Parkinson's – the potential consequences …
Thomas Claburn, 18 Apr 2018

France building encrypted messaging app for politicians

France's government has built an encrypted messaging app for government use. The move was announced last Friday on radio station France Inter by digital secretary of state Mounir Mahjoubi (here in French). Mahjoubi said the aim is to create an end-to-end encrypted app to be “internal to the state and intended to replace” non- …

Google, AWS IPs blocked by Russia in Telegram crackdown

Russia's telecoms regulator Roskomnadzor has started blocking IP addresses linked to secure messaging service Telegram. Russia wants Telegram banished from within its borders, supposedly on national security grounds. First on its list, therefore, according to Roem.ru* (translated), are addresses used by, er, Amazon Web …
