Articles about encryption

See no evil hear no evil speak no evil

MIT to Oz: Crypto-busting laws risk banning security tests

Australia's government's crypto-busting legislation risks blocking security research, a leading Internet policy boffin has warned. Speaking to a parliamentary hearing into the “Assistance and Access” legislation this morning, a director of the Massachusetts Internet Policy Research Initiative, Daniel Weitzner, said the problem …
How about you lock the door next time

Oi! Not encrypting RPC traffic? IETF bods would like to change that

An Internet Engineering Task Force group has turned its attention to how Remote Procedure Calls (RPC) travel over the internet, and decided a bit of (easy) encryption is in order. RPC hasn't been updated in more than a decade, and while an attempt was made to bestow encryption upon it in 2016 (in RFC 7861, RPCSEC), take-up is …

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Fundamental flaws in the encryption system used by popular solid-state drives (SSDs) can be exploited by miscreants to easily decrypt data, once they've got their hands on the equipment. A paper [PDF] drawn up by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, and made public today, …
Shaun Nichols, 5 Nov 2018
china hacker

Great. Global internet freedoms take another dive as censorship and fake news proliferate

Internet freedoms have taken a nose dive for the eighth year running, according to a report warning that authoritarian countries and populist leaders are exporting harmful attitudes and ideas around the world. The US pro-democracy think tank Freedom House produces a report on internet freedoms each year. This year, it assessed …
Rebecca Hill, 2 Nov 2018
Welcome to Florida sign

Florida man won't be compelled to reveal iPhone passcode, yet

Florida's Fourth District Court of Appeals has granted a petition by a defendant not to be forced to reveal his iPhone passcode and iTunes password, based on the US Fifth Amendment's protection against self-incrimination. The defendant, a minor referred to as G.A.Q.L in his petition against the State of Florida, was involved …
Thomas Claburn, 27 Oct 2018

Oz intel committee: Crypto-busting is only bad if you're a commie, and we're not by the way

Comment Tech vendors: don't worry about Australian law enforcement demanding you decrypt user messages. It's OK, because we're not a communist regime. That's the upshot of a real exchange in the the powerful Parliamentary Joint Committee on Intelligence and Security conducting hearings into the country's crypto-busting "Assistance and …
Two baby boys playing with sand in a sandbox

Google and Microsoft boffins playing nicely together to stop replay attacks in their tracks

Google and Microsoft engineers have pooled their efforts to propose a protection against what are known as "replay attacks". These occur when an attacker steals something like a victim's OAuth token and uses it to impersonate them to access otherwise secured resources. The Token Binding Protocol is the next instalment in the …

What do Zuck, Sergey, @Jack and Bezos have in common? They don't want encryption broken

Opposition to the Australian government's proposed crypto-busting legislation is gathering pace, with internet and telco giants deciding to speak with a single voice. Local companies like Telstra and Optus have added their names to the Alliance for a Safe and Secure Internet, which is opposed the Australian government's plans …

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates. The problem, which has prompted much head-scratching in security circles, was raised by power user "kingcr" on Microsoft's technet forums back in June as part of an ongoing discussion. He …
John Leyden, 25 Sep 2018
Backdoor key

Oz government rushes its anti-crypto legislation into parliament

The Australian government has rushed forward its proposed anti-encryption legislation, a mere week after a public consultation into the rules closed. A Federal Coalition party meeting yesterday cleared the bill to be introduced into parliament, giving the strong impression the government hopes to push the draft law onto the …

You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it

Video If you can steal someone's laptop, leave it switched on in sleep mode, crack it open, hook up some electronics to alter settings in the BIOS firmware, restart it, and boot into a custom program... you can swipe crypto keys and other secrets from the system. When computers are restarted, the motherboard firmware can wipe the …
John Leyden, 14 Sep 2018
Photo by Kaspars Grinvalds / Shutterstock

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Video Boffins have sprung the bonnet on the weak crypto used in the keyless entry system in Tesla's Model S car. Researchers from the Computer Security and Industrial Cryptography (COSIC) group – part of the Department of Electrical Engineering at Belgian university KU Leuven – were able to clone a key fob, open the doors, and drive …
John Leyden, 12 Sep 2018
tv television cable cableco entertainment netflix hbo

HTTPS crypto-shame: TV Licensing website pulled offline

The UK's TV Licensing agency has taken its website offline "as a precaution" after being blasted for running transactional pages that were not sent over HTTPS. The publicly funded outfit had been criticised for inviting folk to submit sensitive data over unencrypted links. Just a few hours after proclaiming "we will soon …
John Leyden, 6 Sep 2018
man in headset in fake fatigues sits in front of monitor, speaks intently to unseen officer

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive

Analysis Not since the days of the US Clipper chip in the early 1990s, have backdoors put there by government decree to bypass encryption been this fashionable with governments. Clipper – an encryption chipset with a US-government-accessible backdoor backed by the US National Security Agency (NSA) – foundered on the stubborn resistance …
John E Dunn, 6 Sep 2018

Take a pinch of autofill, mix in HTTP, and bake on a Wi-Fi admin page: Quirky way to swipe a victim's router password

Vid Beware using your web browser's autofill feature to log into your broadband router via Wi-Fi and unprotected HTTP. A nearby attacker can attempt to retrieve the username and password. The problem – found by SureCloud's Elliott Thompson and detailed here – is the result of a mismatch in browser behavior and router configuration …
Angry man bites a smartphone

Spies still super upset they can't get at your encrypted comms data

The Five Eyes nations have told the tech industry to help spy agencies by creating lawful access solutions to encrypted services – and warned that governments can always legislate if they don't. The UK, US, Canada, Australia and New Zealand - which have a long-standing intelligence agreement – met in Australia this week. In …
Rebecca Hill, 31 Aug 2018

Support for ageing key exchange crypto leaves VPNs open to attack

Security gaps have been identified in widely used implementations of the IPsec protocol, which is used in the set up of Virtual Private Networks (VPNs). The Internet Key Exchange protocol "IKEv1", which is part of the IPsec protocol family, has vulnerabilities that enable potential attackers to interfere with the communication …
John Leyden, 15 Aug 2018

Australia's Snooper's Charter: Experts react, and it ain't pretty

If the Australian government was hoping its encryption legislation would have a smooth run, it'll probably be disappointed. Not only has the exposure draft landed with a political storm, reactions from technologists range from guarded to sharply critical. On the political front, the Australian Greens came out most strongly …

Create a news alert about encryption, or find more stories about encryption.

Biting the hand that feeds IT © 1998–2018