Articles about encryption

A piggy bank in a pile of pound coins

Does UK high street banks' crappy crypto actually matter?

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts. Tests of six banks revealed sketchy support for HTTP Strict Transport Security (HSTS), a cryptographic technology introduced in October 2012 and designed to …
John Leyden, 16 Nov 2017
Monty Python sketch: Nobody expects the Spanish Inquisition

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and …
John Leyden, 15 Nov 2017
Rosenstein

US government seizes Texas gun mass murder to demand backdoors

While US President Donald Trump thinks it's too early to discuss gun control in the wake of Sunday's Texas church massacre – America's latest mass shooting – his Deputy Attorney General Rod Rosenstein is just fine exploiting the murder-suicide of 26 people to push for backdoors. Specifically, a backdoor so investigators can …
Iain Thomson, 9 Nov 2017
FBI

You know what's coming next: FBI is upset it can't get into Texas church gunman's smartphone

FBI agents investigating the murder-suicide of 26 people in a church in Sutherland Springs, Texas, on Sunday, have said they can't yet unlock the shooter's smartphone. In a press conference on Tuesday, special agent Chris Combs said that investigations into the motives and actions of the gunman was ongoing, but that his mobe …
Iain Thomson, 8 Nov 2017

Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light

Updated After watching customer after customer screw up their AWS S3 security and expose highly sensitive files publicly to the internet, Amazon has responded. With a dashboard warning indicator. Simple, and hopefully effective. For months now we have been reporting on researchers finding open S3 buckets packed full of confidential …
Iain Thomson, 7 Nov 2017

Boffins tear into IEEE's tissue-thin anti-hacker chip blueprint crypto

Several large gaps have been found in the IEEE's P1735 cryptography standard that can be exploited to unlock or tamper with encrypted system-on-chip blueprints. The P1735 scheme was designed so that chip designers could, ideally, shield their intellectual property from prying eyes. When you're creating a system-on-chip …
Iain Thomson, 7 Nov 2017
Rod Rosenstein

Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

The US Deputy Attorney General has told business leaders that Uncle Sam won't demand mandatory backdoors in encryption – so long as companies can cough up an unencrypted copy of every message, call, photo or other form of communications they handle. Speaking at the 2017 North American International Cyber Summit in Detroit on …
Iain Thomson, 30 Oct 2017
Waiting for the men's room

Microsoft says something more hyper than Storage Spaces is coming 'very soon'

Microsoft's offered an explanation, of sorts, for the unexpected disappearance of Storage Spaces Direct from Windows Server version 1709. A new FAQ on Windows Server, version 1709 posted on Thursday offers the following verbiage: Storage Spaces Direct was introduced in Windows Server 2016 and remains the foundation for our …
Simon Sharwood, 27 Oct 2017

Google slides DNS privacy into 'Droid developer stream

Android users might get better protection for their browsing records, if a Google experiment takes off. XDA-developers.com spotted the entry in the Android Open Source Project, which adds DNS over TLS, along with an option to turn it off. The idea of sending DNS queries over TLS is simple: it's in line with the IETF's (and …
casino_security_648

ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA. Security researchers went public last week with research that revealed that RSA keys produced for smartcards, security tokens, and other devices by crypto-chips made by Infineon Technologies were weak …
John Leyden, 23 Oct 2017
The FBI seal on a building

Phone crypto shut FBI out of 7,000 devices, complains chief g-man

The FBI has been locked out of almost 7,000 seized mobile phones thanks to encryption, director Christopher Wray has said. Speaking at the International Association of Chiefs of Police conference in Philadelphia in the US, Wray lamented that device encryption kept the g-men out of “more than 6,900, that’s six thousand nine …
Gareth Corfield, 23 Oct 2017

EU: No encryption backdoors but, eh, let's help each other crack that crypto, oui? Ja?

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding …
Rebecca Hill, 19 Oct 2017
sad kids

Hackers can track, spoof locations and listen in on kids' smartwatches

Tests on smartwatches for children by security firm Mnemonic and the Norwegian Consumer Council have revealed them to be riddled with flaws. The Oslo-based company teamed up with the trading standards body to investigate several smartwatches aimed at kids, specifically the Xplora (and associated mobile application Xplora T1), …
John Leyden, 18 Oct 2017

Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms. In short, Infineon TPMs – aka trusted platform modules – are used in countless computers and gadgets to generate RSA …
John Leyden, 16 Oct 2017
Wi-fi symbol made out of clouds. Photo by Shutterstock

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Updated Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol. So-called Key Reinstallation Attacks, aka KRACK, potentially work against all modern protected Wi-Fi networks. …
John Leyden, 16 Oct 2017
FACEPALM

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

It's 4PM on Friday, almost time to log off and, oh look, Disqus says it's been hacked

Disqus, the developer of website comment systems used worldwide, is playing the old "bury bad news late on a Friday" card – as it just confessed one of its databases was swiped by hackers. The software maker, which produces reader comment boards for blogs and newspapers everywhere, admitted at 4pm Pacific Time, Friday, that a …
Shaun Nichols, 6 Oct 2017
Keybase.io encrypted git screenshot

Keybase Git gets keys, basically: Secure chat app encrypts your repos

Keybase.io, which began as a cloud key database and has since evolved into a secure messaging and collaboration service, on Wednesday added support for encrypted Git repositories. Git, a version control system widely used for managing source code, doesn't encrypt files stored in Git repositories. It can, however, be used in …

Create a news alert about encryption, or find more stories about encryption.

Biting the hand that feeds IT © 1998–2017