Articles about encryption

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

German researchers reckon they have devised a method to thwart the security mechanisms AMD's Epyc server chips use to automatically encrypt virtual machines in memory. So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running in a …
Shaun Nichols, 25 May 2018

Zimmerman and friends: 'Are you listening? PGP is not broken'

ProtonMail has weighed into 2018's worst branded-bug PR disaster, EFAIL, with a simple statement: “PGP is not broken”. The discoverers of the bug in e-mail client encryption implementations started the ball rolling ahead of their disclosure in the middle of this month. Münster University professor Sebastian Schinzel started …
Wray

FBI's flawed phone tally blamed on programming error. 7,800 unbreakable mobes? Er, um...

The FBI apparently gilded the lily in its long campaign against consumer cryptography, telling the world it held more locked phones than it did. At issue is the Feds' claim that it has seized 7,000 phones it can't crack because they're encrypted. FBI boss Christopher Wray upped the ante in December 2017, telling a …
Spy

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats

Security researchers have gone public with vulnerabilities in some secure mail apps that can be exploited by miscreants to decrypt intercepted PGP-encrypted messages. The flaws, collectively dubbed EFAIL, are present in the way some email clients handle PGP and S/MIME encrypted messages. By taking advantage of the way the …
Shaun Nichols, 14 May 2018
police look over the evidence

Wah, encryption makes policing hard, cries UK's National Crime Agency

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according the the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain. "Since 2010, communication service providers have migrated to encrypted services 'by default', a process that accelerated …
Kat Hall, 14 May 2018

PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor

Updated A professor of Computer Security at the Münster University of Applied Sciences‏ has warned that popular email encryption tool Pretty Good Privacy (PGP) might actually allow Pretty Grievous P0wnage thanks to bugs that can allow supposedly encrypted emails to be read as plaintext. Professor Sebastian Schinzel took to Twitter …
Simon Sharwood, 14 May 2018

New law would stop Feds from demanding encryption backdoor

US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares. The bill, known as the Secure Data Act of 2018, was returned to the US House of Representatives by …
Thomas Claburn, 10 May 2018
Ray Ozzie

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

Analysis Those who cannot remember the past are condemned to repeat it, particularly if forgetfulness promises profit. Ray Ozzie, former CTO of Microsoft and the designer of Lotus Notes, is old enough to recall the battle over the Clipper chip, an ill-fated NSA-backed effort from 1993 through 1996 to require a US-government-accessible …
Thomas Claburn, 27 Apr 2018

ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying

Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behavior. The "Simon" and "Speck" cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a …
Kieren McCarthy, 25 Apr 2018

Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts

Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. And because this particularly bit of kit resides amid sensitive gray matter – to treat conditions like Parkinson's – the potential consequences …
Thomas Claburn, 18 Apr 2018

France building encrypted messaging app for politicians

France's government has built an encrypted messaging app for government use. The move was announced last Friday on radio station France Inter by digital secretary of state Mounir Mahjoubi (here in French). Mahjoubi said the aim is to create an end-to-end encrypted app to be “internal to the state and intended to replace” non- …
The word futile

Google, AWS IPs blocked by Russia in Telegram crackdown

Russia's telecoms regulator Roskomnadzor has started blocking IP addresses linked to secure messaging service Telegram. Russia wants Telegram banished from within its borders, supposedly on national security grounds. First on its list, therefore, according to Roem.ru* (translated), are addresses used by, er, Amazon Web …
Promotional still from Quantum Leap, the TV series

Boffins pull off quantum leap in true random number generation

A team of physicists claim to have developed a guaranteed random number generator using photons and the laws of quantum mechanics. Random numbers are used to secure communications, and a good random number generator is essential for strong encryption. But ensuring that the numbers are truly random is difficult. Number …
Katyanna Quach, 11 Apr 2018
The Shining

They're back! 'Feds only' encryption backdoors prepped in US by Dems

US lawmakers are yet again trying to force backdoors into tech products, allowing Uncle Sam, and anyone else with the necessary skills, to rifle through people's private encrypted information. Two years after her effort to introduce new legislation died, Senator Dianne Feinstein (D-CA) is again spearheading an effort to make …
Wire cutters

Russian regulator asks courts to disconnect Telegram

Russian telecoms and mass communications regulator Roskomnadzor has filed a lawsuit it hopes will see secure messaging app Telegram turfed out of the country. Moscow’s been unhappy with Telegram for some time, dating back to a mid-2017 dispute over the company’s non-compliance with requests to register as a telecoms service …

Tor ‘sunsets’ secure Messenger that never exited beta

The Tor project will “sunset” its Messenger, a project launched in 2015 in the hope of improving security for social networks’ messaging services. At launch, Tor advanced Messenger as a replacement for multi-protocol chat clients like Adium and Pidgin. The project’s plan was to route messages sent using XMPP, IRC, Google Talk …
Parliament House Canberra icon

Australian Senate passes meaningless motion that says encryption is very useful

Digital rights campaigners are celebrating a small, symbolic victory, with the country's Senate voting to protect the integrity of cryptography. The vote, which happened just before 4pm on Tuesday March 27, at least indicates that any government legislation weakening encryption won't get free passage through the Senate. …
chess

Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors

Analysis On December 2, 2015 Syed Farook and his wife Tashfeen Malik attended his employer's holiday party in San Bernardino, California – and without warning started indiscriminately shooting at fellow employees. Four minutes and 75 bullets later, 14 people were dead and 17 injured. Farook and Malik fled the scene but were located by …
Kieren McCarthy, 27 Mar 2018

Create a news alert about encryption, or find more stories about encryption.

Biting the hand that feeds IT © 1998–2018