Encryption

US DOJ: Encryption could get a child killed

US DOJ: Encryption could get a child killed

The US Justice Department may have tried to hit below the belt and appeal to emotion rather than reason by painting a gruesome future. Because while tech companies are working towards strengthening a user's privacy, the government is getting worried that they will be shut off from gathering personal information that could potentially save lives. In particular, the new encryption schemes being implemented by Apple in iOS and Google in Android could prevent law enforcers from getting their hands on a user's information in a timely manner.

Continue Reading

WhatsApp just gave 500,000 Android users encrypted messaging

WhatsApp just gave 500,000 Android users encrypted messaging

In a odd and surprising move, WhatsApp has just offered end-to-end encryption for all Android users. Relying on the Open Whisper System, and using open source code, WhatsApp just gave 500 million users totally encrypted messaging. The encrypted messages are accessed via the user’s device, using a key that only the account owner can access on the device. That means WhatsApp can’t access the messages, and neither can law enforcement. It’s not clear when an iOS version may be available.

Continue Reading

Wiper app now lets you make free encrypted calls

Wiper app now lets you make free encrypted calls

Secure messaging is a big deal to many, with ephemeral services like Snapchat a popular choice. Still, that service has been violated many times, leading some to search for a new path forward. The last time we talked about Wiper, the service was new, and pretty amazing. For a messaging platform, the encrypted app-to-app pipeline and ability to clear the chat on both ends is special. The company has recently released version 2.0 of their app, bringing the encrypted platform full circle.

Continue Reading

Google researchers discover SSL 3.0 bug

Google researchers discover SSL 3.0 bug

We've heard about a lot of bugs this year, not the least of which being the recent "Shellshock" bug. Now Google researchers have discovered a bug in SSL 3.0 that could allow hackers to nab user data. The discovery was detailed today in a report published by the team, which says they were able to breach the protocol using what they call a "POODLE" attack -- Padding Oracle On Downgraded Legacy Encryption attack. With this, they have recommended that SSL 3.0 be disabled to mitigate the problem.

Continue Reading

Adobe Digital Editions caught calling home with user logs

Adobe Digital Editions caught calling home with user logs

Home and mobile users might be more familiar with Adobe's Acrobat software for reading PDFs, but those who live on ebooks, particular in the EPUB format, also live in another program called Adobe Digital Editions or ADE. Popular (relatively) and widespread, this program has just been discovered to have one frightening flaw. Apparently, ADE transmits the app's activity logs to Adobe's servers, presumably for copyright protection purposes, but also seemingly includes unnecessary user data. Worse, it transmits them in a manner that can be easily read by unauthorized snooping third parties.

Continue Reading

Google to implement encryption by default in Android L

Google to implement encryption by default in Android L

Following Apple's privacy policy statement yesterday, Google is reported to be coming out with a similar hard-line stance in its next Android release. Devices that will be running the upcoming Android L, sometimes called Android 5.0 or Lemon Meringue Pie, will have their phone's data encrypted and password-protected by default, which would hinder both authorities and miscreants alike from gathering users' private data.

Continue Reading

Fox-IT, FireEye DecryptCryptoLocker saves ransomware victims

Fox-IT, FireEye DecryptCryptoLocker saves ransomware victims

At the height of the CryptoLocker ransomware plague, security companies Fox-IT and FireEye have teamed up to offer unwitting victims a way out of their predicament without paying any ransom. With DecryptCryptoLocker, these users can send a sample encrypted file and receive a private decryption key, as well a program that can then decrypt all of their affected files. All for free!

Continue Reading

1 2 3 4 5